Authentication
All HTTP requests to the API must be authorized with a JWT access token via bearer authentication. The access token must be sent in the
Authorization
header. Example:curl -H "Authorization: Bearer <token>" https://api.didomi.io/v1/properties
All API requests must be made over HTTPS. Calls made over plain HTTP will get a 301 response redirecting to their HTTPS equivalent. Calls without a valid authorization token will fail with a
401
error code.Start by connecting to the Didomi console. Navigate to the adequate organization and go to
Settings/Private API keys.
There you will be able to generate a Private API key and a secret.To generate an access token, send an HTTP
POST
request to https://api.didomi.io/v1/sessions
with a JSON body containing the following values:Key | Value | Description |
type | api-key | The type of authorization request (in this case, using an API key and secret) |
key | Your API key | Use your Private API key |
secret | Your API secret | Use the secret that you received when you generated your Private API key |
The
/sessions
endpoint of the API is used to authenticate yourself and obtain a JSON Web Token that should be used for other API calls. All other API endpoints expect a JWT.For a full reference of the endpoint and the resources that it returns, visit https://api.didomi.io/docs/.
Request example:
curl --request POST --url 'https://api.didomi.io/v1/sessions' --header 'content-type: application/json' --data '{"type": "api-key", "key": "<Your API key>", "secret": "<Your API secret>"}'
The response will contain an
access_token
property with the token that you should use for authorizing further requests. If there is a problem authenticating you, a 400
error is returned.Response example:
{ "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"}
You can generate as many tokens as you want. Tokens will expire after 1 hour so, if you are running a long-term process, make sure to regenerate a new token regularly.
Last modified 2yr ago