Authorization

Our REST API service uses a key based authorization that could be managed in your Account page. You can find your own API key in form of a 64 character string, and note that we will be able to identify you with it, so please do not share it.

All client requests are authorized using valid API keys via an specific HTTP header or query string. Query string takes priority over HTTP header, so query string will be considered if you send both at the same time.

Sending API key via query string

In order to authorize requests using “api_key” query string, you need to send it as follows:

<HTTP-METHOD> <domain>/api/<version>/<path>?api_key=<api_key>

Sending API key via HTTP header

In order to authorize requests using HTTP header named “X-RMAuth”, you need to perform as follows:

<HTTP-METHOD> <domain>/api/<version>/<path>
X-RMAuth: <api_key>

Unauthorized requests

If you send invalid API keys, you are going to get a response with HTTP 403 Forbidden status and the following payload:

{
         "status": {
                  "code": null,
                  "messages": ["API key is not valid"]
         },
         "data": null
}