Authorization methods

All API v2 requests must employ one of the following authorization methods in order to be validated:

API key & API secret

You can use a domain API key and API secret to sign the request. Devo Admin users can find these credentials in Administration → Credentials, in the Access Keys tab. Check the Credentials article for more details.

This method requires three parameters in the request header:

Parameter Value Description
x-logtrust-apikey Domain API key

The API key of your Devo domain. Go to Administration → Credentials to find your API key.

x-logtrust-sign HMAC SHA-256 (API key + body message + x-logtrust-timestamp + API secret)

Signed body as a HMAC SHA-256 using the API secret to sign the concatenation of the API key + body message + timestamp encoded as an hexadecimal string. If the request has an empty body message, the sign will be the concatenation of the API key + timestamp

If the signature is not valid, the server will return a 401 Unauthorized HTTP Status error

x-logtrust-timestamp

Current timestamp in milliseconds

Timestamp expressed in milliseconds

JWT token

You can use a JWT token to authorize your request. This method needs one header parameter:

Parameter Value Description
Authorization

jwt <token>

JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties through tokens. Contact the Devo support team if you want to use this authorization method.

OAuth token

You can use an OAuth token to authorize your request. This method needs one header parameter:

Parameter Value Description
Authorization

Bearer <token>

You can generate this token in Devo and use it to restrict query requests to a specific set of data tables. See Credentials to learn how to create them.

Have we answered your question?

If not, please contact our technical support team via email by clicking the button below.

CONTACT US