Authorizing REST API requests
All REST API requests must employ one of the following authorization schemes to communicate successfully with Devo:
API key & API secret
You can use a domain API key and API secret to sign the request. Devo Admin users can find these credentials in Administration → Credentials, in the Access Keys tab. Check the Security credentials article for more details.
This method requires three parameters in the request header:
|Domain API key|
The API key of your Devo domain. Go to Administration → Credentials to find your API key.
|HMAC SHA-256 (API key + body message + |
Signed body as a HMAC SHA-256 using the API secret to sign the concatenation of the API key + body message + timestamp encoded as an hexadecimal string. If the request has an empty body message, the sign will be the concatenation of the API key + timestamp
If the signature is not valid, the server will return a 401 Unauthorized HTTP Status error
Current timestamp in milliseconds
Timestamp expressed in milliseconds
You can use a JWT token to authorize your request. This method needs one header parameter:
JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties through tokens. Contact the Devo support team if you want to use this authorization method.
You can generate a token in the Administration → Credentials area of Devo to authorize your request. This method needs one header parameter:
You can generate this token in Devo and use it to restrict query requests to a specific set of data tables. See Security credentials to learn how to create them.