Authentication

Access token

All HTTP requests to the API must be authorized with a JWT access token via bearer authentication. The access token must be sent in the Authorization header. Example:

curl -H "Authorization: Bearer <token>" https://api.didomi.io/v1/properties

All API requests must be made over HTTPS. Calls made over plain HTTP will get a 301 response redirecting to their HTTPS equivalent. Calls without a valid authorization token will fail with a 401 error code.

Authentication workflow

Start by connecting to the Didomi console. Navigate to the appropriate organization and go to Settings/Private API keys. There you will be able to generate a Private API key and a secret.

To generate an access token, send an HTTP POST request to https://api.didomi.io/v1/sessions with a JSON body containing the following values:

The /sessions endpoint of the API is used to authenticate yourself and obtain a JSON Web Token that should be used for other API calls. All other API endpoints expect a JWT.

For a full reference of the endpoint and the resources that it returns, visit https://api.didomi.io/docs/.

Request example:

curl --request POST --url 'https://api.didomi.io/v1/sessions' --header 'content-type: application/json' --data '{"type": "api-key", "key": "<Your API key>", "secret": "<Your API secret>"}'

The response will contain an access_token property with the token that you should use for authorizing further requests. If there is a problem authenticating you, a 400 error is returned.

Response example:

{"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"}

You can generate as many tokens as you want. Tokens will expire after 1 hour so, if you are running a long-term process, make sure to regenerate a new token regularly.
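
One way to handle the one-hour expiry in a long-running client, as an added example that is not Didomi's own code: the token is cached and renewed five minutes early. The DIDOMI_API_KEY and DIDOMI_API_SECRET variable names, the TokenProvider class and the five-minute margin are assumptions.

```python
import json
import os
import time
import urllib.request

SESSIONS_URL = "https://api.didomi.io/v1/sessions"
TOKEN_LIFETIME = 3600   # the page states tokens expire after 1 hour
REFRESH_MARGIN = 300    # assumption: renew 5 minutes early


def request_token(key, secret):
    """POST the API key and secret to /v1/sessions and return access_token."""
    body = json.dumps({"type": "api-key", "key": key, "secret": secret}).encode()
    req = urllib.request.Request(
        SESSIONS_URL, data=body, method="POST",
        headers={"content-type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]


class TokenProvider:
    """Caches the access token and renews it before the 1-hour expiry."""

    def __init__(self, key, secret, fetch=request_token, clock=time.monotonic):
        self._key, self._secret = key, secret
        self._fetch, self._clock = fetch, clock
        self._token, self._renew_at = None, 0.0

    def token(self):
        now = self._clock()
        if self._token is None or now >= self._renew_at:
            self._token = self._fetch(self._key, self._secret)
            self._renew_at = now + TOKEN_LIFETIME - REFRESH_MARGIN
        return self._token

    def headers(self):
        return {"Authorization": "Bearer " + self.token()}

    def __repr__(self):  # keep the secret and token out of logs and tracebacks
        return "TokenProvider(key=%r, secret=<redacted>)" % self._key


if __name__ == "__main__":
    # Assumed variable names; credentials come from the environment, not source.
    provider = TokenProvider(os.environ["DIDOMI_API_KEY"],
                             os.environ["DIDOMI_API_SECRET"])
    req = urllib.request.Request("https://api.didomi.io/v1/properties",
                                 headers=provider.headers())
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(resp.status)
```

The URLs are written with https:// explicitly because a request sent over plain HTTP has already put the bearer token on the wire before the 301 response arrives.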
