Authentication
All data in the platform is private by default; you can access private data by passing an access token to the API.
Introduction
Collections provides a REST API to manage data in the database; the API relies on standard HTTP status codes and uses JSON for input and output.
Access Tokens
There are two types of tokens that can be used to authenticate Collections.
Temporary Token (JWT) are returned by the login endpoint as token
. These tokens have a relatively short expiration date and are the safest to use.
A refreshToken
is returned with the token
and can be used by the refresh endpoint to obtain a new token.
API key can be set per platform user and do not expire. Although insecure, it is very useful for server-to-server communication.
API keys are stored in plain text in CollectionsUsers.apiKey
.
Once you have your access token, there are two ways to pass it to the API, via the access_token
query parameter, or in the request's Authorization Header.
Query Parameter
?access_token=<token>
Authorization Header
Authorization: Bearer <token>
Related APIs