Authentication
Access token
All HTTP requests to the API must be authorized with a JWT access token via bearer authentication. The access token must be sent in the Authorization header. Example:
All API requests must be made over HTTPS. Calls made over plain HTTP will get a 301 response redirecting to their HTTPS equivalent. Calls without a valid authorization token will fail with a 401 error code.
Authentication workflow
Start by connecting to the Didomi console. Navigate to the appropriate organization and go to Settings/Private API keys.
There you will be able to generate a Private API key and a secret.
To generate an access token, send an HTTP POST request to https://api.didomi.io/v1/sessions with a JSON body containing the following values:

| Key | Value | Description |
| --- | --- | --- |
| type | api-key | The type of authorization request (in this case, using an API key and secret) |
| key | Your API key | Use your Private API key |
| secret | Your API secret | Use the secret that you received when you generated your Private API key |
The /sessions endpoint of the API is used to authenticate yourself and obtain a JSON Web Token that should be used for other API calls. All other API endpoints expect a JWT.
For a full reference of the endpoint and the resources that it returns, visit https://api.didomi.io/docs/.
Request example:
The response will contain an access_token property with the token that you should use for authorizing further requests. If there is a problem authenticating you, a 400 error is returned.
Response example:
You can generate as many tokens as you want. Tokens expire after 1 hour, so if you are running a long-running process, make sure to generate a new token regularly.
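The workflow above as an added Python example (not Didomi's own code): a hypothetical TokenManager posts the documented body to /v1/sessions, caches the access_token, and regenerates it before the 1-hour expiry. The class and function names, the 5-minute renewal margin, and the injectable transport and clock are assumptions made for illustration.

```python
import json
import time
import urllib.error
import urllib.request

SESSIONS_URL = "https://api.didomi.io/v1/sessions"  # HTTPS only, as the page requires
TOKEN_LIFETIME = 3600   # tokens expire after 1 hour (from the page)
REFRESH_MARGIN = 300    # assumption: renew 5 minutes before expiry


def http_post_json(url, body):
    """Default transport: POST a JSON body, return (status, parsed JSON)."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}


class TokenManager:
    """Hypothetical helper: caches the JWT and regenerates it before expiry."""

    def __init__(self, key, secret, post=http_post_json, clock=time.monotonic):
        # Body fields exactly as listed in the table: type, key, secret.
        self._body = {"type": "api-key", "key": key, "secret": secret}
        self._post, self._clock = post, clock
        self._token, self._issued = None, 0.0

    def token(self):
        age = self._clock() - self._issued
        if self._token is None or age >= TOKEN_LIFETIME - REFRESH_MARGIN:
            status, data = self._post(SESSIONS_URL, self._body)
            if status == 400:  # documented failure code for bad credentials
                raise PermissionError("authentication rejected (HTTP 400)")
            if status >= 300 or "access_token" not in data:
                raise RuntimeError(f"unexpected /sessions response: {status}")
            self._token, self._issued = data["access_token"], self._clock()
        return self._token

    def auth_header(self):
        # Bearer authentication: the JWT goes in the Authorization header.
        return {"Authorization": f"Bearer {self.token()}"}
```

Load the key and secret from a secrets store or environment variable rather than source code, and keep the request body and the returned token out of logs.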