Version: 3.0.0 (current)

Authentication

The V3 API accepts an Authentication header with the format Basic <base64(username:secret)>.

The username is retreived from the backoffice keys page.

There are two options for secrets:

1. Unscoped API key

info

This is the recommended way to authenticate.

The simplest form of authentication is to use a key generated in the backoffice keys page as a secret to gain full access to the API.

2. Advanced: Generated secrets

info

This is an advanced use case.

If you want more control of the access, you can Generate a secret with custom lifetime and scopes.

Example 1: Secret that can be used to create sessions for 48 hours:

{
  "lifetime": {
    "unit": "hour",
    "count": 48
  },
  "scopes": {
    "operations": ["create_session"]
  }
}

Example 2: Secret that can do everything related to a single session for 24 hours:

{
  "lifetime": {
    "unit": "hour",
    "count": 24
  },
  "scopes": {
    "sessionId": "dcea4c10-d67e-4ce3-8826-a16c7bbc4771"
  }
}

Example 3: Secret that can only be used to read a single session for one minute:

{
  "lifetime": {
    "unit": "minute",
    "count": 1
  },
  "scopes": {
    "operations": ["read_session"],
    "sessionId": "dcea4c10-d67e-4ce3-8826-a16c7bbc4771"
  }
}

Authentication

1. Unscoped API key​

2. Advanced: Generated secrets​

1. Unscoped API key

2. Advanced: Generated secrets