Request Authentication
How to authenticate your API requests
Last updated
How to authenticate your API requests
Last updated
To create an API key, see the instructions .
Almost all endpoints require authorization for access. You can authorize either be providing a static API key in your request, or by using an access token (JWT).
To authorize using an API key, include a query string parameter named apiKey
in your request:
Radiant Drift accepts valid API keys included as a URL parameter in an request, as shown:
...?apiKey=[YOUR_API_KEY]
You must replace YOUR_API_KEY
with your personal API key.Be sure to keep your API keys secure. Rotate them appropriately and configure appropriate restrictions to ensure they cannot be abused.
Use of the access token is subject to the same restrictions as those of the API key used to obtain it (i.e. allowed IP addresses and allowed origins).
To obtain an access token, make the following request:
Response:
To obtain an access token, send a request to the access token end point, including an authorization header constructed from your account ID and API key.
Access tokens are valid for 15 minutes from the time of issue and can be used for multiple subsequent requests.
To authorize a request using an access token, include it shown:
Response:
Make sure to replace YOUR_ACCESS_TOKEN
with the response received to a successful access token request (see 'Obtaining an access token').
To make an authorized request using an access token, include it in the request Authorization header as shown:
If your authentication is invalid (e.g. bad API key, expired JWT, JWT cannot be validated), you will receive a 401 Not Authorized
error. The response body may contain additional information as to why the request failed.
You can use an API key to access the API. You can create a new API key in our (see ).
For additional security, you can obtain an access token in the form of a using your account ID and an API key. The JWT so obtained can then be used to authorize multiple requests. This avoids the need to include the actual API key in every request. It also avoids an additional lookup on the server to fetch your API key details, which may result in marginally improved response times.
In our , this security scheme is named radiantDriftAuth
. It is only used in conjunction with obtaining an access token (JWT)