Authentication [ Stable ]
If you have created API keys after 17 June 2020, use this Authentication method. If you have created API keys before 17 June 2020, refer Authentication [Deprecated].
Authorization header
All calls to the Open API require authentication. You will need to get an access_key and secret_key from the dashboard via the settings page. See Generating access_key and secret_key.
Making a request
All REST requests must contain the following headers:
| Header key | Description |
|---|---|
Authorization | Where your accesskey and secretkey info will be transmitted |
Request body | All request bodies should have a content type of application/json and be valid JSON. |
The Authorization header will have the format of
Authorization: Bearer ACCESS_KEY:SECRET_KEY
Keep SECRET_KEY safe!
SECRET_KEY is considered as sensitive and should be kept safe. SECRET_KEY shouldn't be stored in any front-end languages like Javascript/HTML. Any APIs which require passing SECRET_KEY in the header will only work from server side. If you try to call an API which requires SECRET_KEY to be passed from javascript, it will be rejected.
Updated about 2 years ago