Authentication
Access token
All HTTP requests to the API must be authorized with a JWT access token via bearer authentication. The access token must be sent in the Authorization header. Example:
All API requests must be made over HTTPS. Calls made over plain HTTP will get a 301 response redirecting to their HTTPS equivalent. Calls without a valid authorization token will fail with a 401 error code.
Authentication workflow
Start by connecting to the Didomi console. Navigate to the appropriate organization and go to Settings/Private API keys.
There you will be able to generate a Private API key and a secret.
To generate an access token, send an HTTP POST request to https://api.didomi.io/v1/sessions with a JSON body containing the following values:
| Key | Value | Description |
| | api-key | The type of authorization request (in this case, using an API key and secret) |
| | Your API key | Use your Private API key |
| | Your API secret | Use the secret that you received when you generated your Private API key |
The /sessions endpoint of the API is used to authenticate yourself and obtain a JSON Web Token that should be used for other API calls. All other API endpoints expect a JWT.
For a full reference of the endpoint and the resources that it returns, visit https://api.didomi.io/docs/.
Request example:
The response will contain an access_token property with the token that you should use for authorizing further requests. If there is a problem authenticating you, a 400 error is returned.
Response example:
You can generate as many tokens as you want. Tokens expire after 1 hour, so if you are running a long-term process, make sure to generate a new token regularly.
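An added example, not part of the Didomi documentation: a Python client-side token cache for the workflow above that renews the token before the 1-hour expiry and refuses to attach it to any non-HTTPS URL, since a plain-HTTP call would expose the token before the 301 redirect arrives. The JSON field names type, key and secret, the 5-minute refresh margin and the TokenManager name are assumptions.

```python
import json
import time
import urllib.request
from urllib.parse import urlsplit

SESSIONS_URL = "https://api.didomi.io/v1/sessions"  # endpoint given on this page
TOKEN_LIFETIME = 3600  # seconds; the page states tokens expire after 1 hour
REFRESH_MARGIN = 300   # assumption: renew 5 minutes before expiry


def http_post_json(url, body):
    """Default transport: POST a JSON body and return the decoded JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:  # raises on a 400
        return json.load(resp)


class TokenManager:
    """Caches the access token and renews it before the 1-hour expiry."""

    def __init__(self, api_key, api_secret, post=http_post_json, clock=time.monotonic):
        # Field names "type", "key" and "secret" are assumed, not from the page.
        self._body = {"type": "api-key", "key": api_key, "secret": api_secret}
        self._post, self._clock = post, clock
        self._token, self._expires_at = None, 0.0

    def token(self):
        """Return a cached token, requesting a new one when close to expiry."""
        if self._token is None or self._clock() >= self._expires_at - REFRESH_MARGIN:
            reply = self._post(SESSIONS_URL, self._body)
            self._token = reply["access_token"]
            self._expires_at = self._clock() + TOKEN_LIFETIME
        return self._token

    def auth_headers(self, url):
        """Build the Authorization header, refusing non-HTTPS URLs."""
        if urlsplit(url).scheme != "https":
            # Plain HTTP only earns a 301, but the token would already have
            # crossed the network in clear text by then.
            raise ValueError("refusing to send bearer token to " + url)
        return {"Authorization": "Bearer " + self.token()}

    def invalidate(self):
        """Call after a 401 so the next request fetches a fresh token."""
        self._token = None
```

Load the API key and secret from the environment or a secrets manager rather than from source code, and call invalidate() once on a 401 before retrying the request.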