Authentication
The V3 API accepts an Authentication
header with the format Basic <base64(username:secret)>
.
The username is retreived from the backoffice keys page.
There are two options for secrets:
1. Unscoped API key
info
This is the recommended way to authenticate.
The simplest form of authentication is to use a key generated in the backoffice keys page as a secret to gain full access to the API.
2. Advanced: Generated secrets
info
This is an advanced use case.
If you want more control of the access, you can Generate a secret with custom lifetime and scopes.
Example 1: Secret that can be used to create sessions for 48 hours:
{
"lifetime": {
"unit": "hour",
"count": 48
},
"scopes": {
"operations": ["create_session"]
}
}Example 2: Secret that can do everything related to a single session for 24 hours:
{
"lifetime": {
"unit": "hour",
"count": 24
},
"scopes": {
"sessionId": "dcea4c10-d67e-4ce3-8826-a16c7bbc4771"
}
}Example 3: Secret that can only be used to read a single session for one minute:
{
"lifetime": {
"unit": "minute",
"count": 1
},
"scopes": {
"operations": ["read_session"],
"sessionId": "dcea4c10-d67e-4ce3-8826-a16c7bbc4771"
}
}