Credentials consist of
- API Key : API Client identifier, can be shared.
- API Secret : Shared secret between client and Ifeelgoods.
These credentials are specific to each environment (as described above) and allow you access your resources exclusively. To get your credentials, please reach out to your Ifeelgoods contact at [email protected].
Your API Secret acts as a strong password and carry many privileges, so never disclose it publicly!
Two authentication methods are possible :
- Header-based authentication (i.e embedding Api-Key and Api-Secret in headers on every request)
- Token-based authentication (i.e embedding an Auth Token in the headers on every request)
API Key-based Authentication
A simple approach is to include the API credentials in the headers directly, using Api-Key and Api-Secret.
Api-Key: {IFEELGOODS_API_KEY}
Api-Secret: {IFEELGOODS_API_SECRET}
OAuth2 tokens
There's no reinventing the wheel here so we implemented the OAuth2 authorization framework to use the client credentials approach.
Access tokens are issued by requesting the OAuth endpoint with the API credentials. For further details, check the OAuth API documentation.
Access tokens need to be included in all requests made to the API using the Authorization header.
Authorization: Bearer {IFEELGOODS_OAUTH_TOKEN}
OAuth2 tokens vs API Key-based Authentication
API Key-based authentication is meant solely for Server-to-Server interactions with this API since it requires sending the API secret on every request. The Token-based authentication can be used for hitting the API from client side applications (web or mobile).
Please contact us at [email protected] for more information.