Authentication

How to authenticate your API requests

Available methods

Almost all endpoints require authorization for access. You can authorize either be providing a static API key in your request, or by using an access token (JWT).

Unless specifically indicated, all endpoints require use of one of the available authentication methods.

Using API Keys

To authorize using an API key, include a query string parameter named apiKey in your request:

axios({
	"method": "GET",
	"url": "[API_ENDPOINT]",
	"params": {
		"apiKey": "[YOUR_API_KEY]"
	}
})
curl "[API_ENDPOINT]?apiKey=[YOUR_API_KEY]"

Make sure to replace YOUR_API_KEYwith your API key.

You can use an API key to access the API. You can create a new API key in our developer console (see instructions).

Radiant Drift accepts valid API keys included as a URL parameter in an request, as shown:

...?apiKey=[YOUR_API_KEY]

🚧 Coming soon: you may optionally configure your API keys to allow requests only from certain IP address ranges (given in CIDR format), and/or only certain origins (determined by the request Origin header value). This is done in the developer console.

You must replace YOUR_API_KEY with your personal API key.Be sure to keep your API keys secure. Rotate them appropriately and configure appropriate restrictions to ensure they cannot be abused.

Using Access Tokens

For additional security, you can obtain an access token in the form of a JSON web token using your account ID and an API key. The JWT so obtained can then be used to authorize multiple requests. This avoids the need to include the actual API key in every request. It also avoids an additional lookup on the server to fetch your API key details, which may result in marginally improved response times.

Use of the access token is subject to the same restrictions as those of the API key used to obtain it (i.e. allowed IP addresses and allowed origins).

Obtaining an access token

In our OpenAPI spec, this security scheme is named radiantDriftAuth. It is only used in conjunction with obtaining an access token (JWT)

To obtain an access token, make the following request:

axios({
	"method": "GET",
	"url": "http://api.radiantdrift.com/auth/access-token",
	"headers": {
		"Authorization": "RadiantDriftAuth [YOUR_ACCOUNT_ID]:[YOUR_API_KEY]"
	}
})
curl "https://api.radiantdrift.com/auth/access-token" \
     -H 'Authorization: RadiantDriftAuth [YOUR_ACCOUNT_ID]:[YOUR_API_KEY]'

Response:

// The token is returned as a field in the response body
{
  "success": true,
  "token": "[YOUR_ACCESS_TOKEN]"
}

Make sure to replace YOUR_ACCOUNNT_ID with your account ID and YOUR_API_KEY with your API key.

To obtain an access token, send a request to the access token end point, including an authorization header constructed from your account ID and API key.

Access tokens are valid for 15 minutes from the time of issue and can be used for multiple subsequent requests.

Making a request with an access token

To authorize a request using an access token, include it shown:

axios({
	"method": "GET",
	"url": "https://api.radiantdrift.com/[API_ENDPOINT]",
	"headers": {
		"Authorization": "RadiantDriftAuth [YOUR_ACCESS_TOKEN]"
	}
})
curl "https://api.radiantdrift.com/[API_ENDPOINT]" \
     -H 'Authorization: RadiantDriftAuth [YOUR_ACCESS_TOKEN]'

Response:

// Response varies based on the selected end point - see below

Make sure to replace YOUR_ACCESS_TOKEN with the response received to a successful access token request (see 'Obtaining an access token').

To make an authorized request using an access token, include it in the request Authorization header as shown:

Authorization: RadiantDriftAuth [YOUR_ACCESS_TOKEN]

Authentication Failures

If your authentication is invalid (e.g. bad API key, expired JWT, JWT cannot be validated), you will receive a 401 Not Authorized error. The response body may contain additional information as to why the request failed.

PreviousSubscription PlansNextAbout your account

Last updated