Docs
Authentication

Authentication

All data in the platform is private by default; you can access private data by passing an access token to the API.

Introduction

Collections provides a REST API to manage data in the database; the API relies on standard HTTP status codes and uses JSON for input and output.

Access Tokens

There are two types of tokens that can be used to authenticate Collections.

Temporary Token (JWT) are returned by the login endpoint as token. These tokens have a relatively short expiration date and are the safest to use. A refreshToken is returned with the token and can be used by the refresh endpoint to obtain a new token.

API key can be set per platform user and do not expire. Although insecure, it is very useful for server-to-server communication. API keys are stored in plain text in CollectionsUsers.apiKey.

Once you have your access token, there are two ways to pass it to the API, via the access_token query parameter, or in the request's Authorization Header.

Query Parameter

?access_token=<token>

Authorization Header

Authorization: Bearer <token>

Related APIs