API key

Authenticating using API keys

This option can be disabled through configuration in all interfaces, with the exception of those used for device integration. The API keys can be sent using one of following methods:

  • As a request header
  • As a parameter in the request URL (with the former preferred for security reasons). This option is only available for device integration

Using an HTTP header

This is the recommended method of sending your API key. While it is not secure if sent over an unencrypted connection, it is less likely to be logged as part of the URL:

API Key in HTTP header example:

POST /south/v80/devices/YOUR-DEVICE-ID/collect/dmm
Host: [api.opengate.es]
X-ApiKey: YOUR-API-KEY-HERE

The API key is sent using the X-ApiKey HTTP header. An example of POST request may look like this:

curl --request POST \
     --verbose \
     --header "X-ApiKey: YOUR-API-KEY-HERE" \
     --header "Content-type: application/json" \
     --data-binary @device.json \
     http://api.opengate.es/north/v80/provision/organizations/{organizationName}/devices

As a request parameter

Parameter Name Value
X-ApiKey YOUR_API_KEY_HERE
http://api.opengate.es/south/v80/devices/{device.id}/collect/dmm?X-ApiKey=YOUR-API-KEY-HERE

API key as URL parameter example:

POST /south/v80/devices/{device.id}/collect/dmm?X-ApiKey=YOUR-API-KEY-HERE
Host: [api.opengate.es]