API Authentication and Security

Overview

In the context of REST, authentication is the means by which a requester is identified and given access.

The InFocus API uses Basic Authentication, where an API Key is passed in the Authorization Request Header.

Authorization: Basic {authkey:}

API Keys

API Keys can be managed within InFocus using the API Management applet. Each key (32bit unique key) created can be assigned access independently to the various resources of the API.

As API Keys grant access to the various resources and endpoints, you should never share your secret API Keys in publicly accessible areas.

Secure vs Public Routes

When working with API's in the API Management applet, each endpoint can be assigned a Secure and, optionally, Public Route.

Secure Routes are secure in that they are governed by an API Key, as discussed above.

Public Routes are publicly accessible. As such, great caution should be used when enabling public routes.

All API requests should be made over HTTPS.