Authentication [ Stable ]


If you have created API keys after 17 June 2020, use this Authentication method. If you have created API keys before 17 June 2020, refer Authentication [Deprecated].

Authorization header

All calls to the Open API require authentication. You will need to get an access_key and secret_key from the dashboard via the settings page. See Generating access_key and secret_key.

Making a request

All REST requests must contain the following headers:

Header keyDescription
AuthorizationWhere your accesskey and secretkey info will be transmitted
Request bodyAll request bodies should have a content type of application/json and be valid JSON.

The Authorization header will have the format of
Authorization: Bearer ACCESS_KEY:SECRET_KEY


Keep SECRET_KEY safe!

SECRET_KEY is considered as sensitive and should be kept safe. SECRET_KEY shouldn't be stored in any front-end languages like Javascript/HTML. Any APIs which require passing SECRET_KEY in the header will only work from server side. If you try to call an API which requires SECRET_KEY to be passed from javascript, it will be rejected.