Authorization methods
All API v2 requests must employ one of the following authorization methods in order to be validated:
API key & API secret
You can use a domain API key and API secret to sign the request. Devo Admin users can find these credentials in Administration → Credentials, in the Access Keys tab. Check the Credentials article for more details.
This method requires three parameters in the request header:
| Parameter | Value | Description |
|---|---|---|
x-logtrust-apikey |
Domain API key | The API key of your Devo domain. Go to Administration → Credentials to find your API key. |
x-logtrust-sign |
HMAC SHA-256 (API key + body message + x-logtrust-timestamp + API secret) |
Signed body as a HMAC SHA-256 using the API secret to sign the concatenation of the API key + body message + timestamp encoded as an hexadecimal string. If the request has an empty body message, the sign will be the concatenation of the API key + timestamp If the signature is not valid, the server will return a 401 Unauthorized HTTP Status error |
x-logtrust-timestamp |
Current timestamp in milliseconds |
Timestamp expressed in milliseconds |
JWT token
You can use a JWT token to authorize your request. This method needs one header parameter:
| Parameter | Value | Description |
|---|---|---|
Authorization |
|
JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties through tokens. Contact the Devo support team if you want to use this authorization method. |
OAuth token
You can use an OAuth token to authorize your request. This method needs one header parameter:
| Parameter | Value | Description |
|---|---|---|
Authorization |
|
You can generate this token in Devo and use it to restrict query requests to a specific set of data tables. See Credentials to learn how to create them. |