Versions Compared

Old Version 28

changes.mady.by.user Balázs Mészégeto

Saved on

compared with

New Version 29

changes.mady.by.user Balázs Mészégeto

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

API supports reading data using "API-key". This access mode intended to be used by a person for reading ad-hoc data and/or recurring API-calls such as dashboards, PowerQuery (Excel, PoweBI), etc. It does not intended to be used for machine-to-machine communication

Keys can be generated as described here: Power Query#3.-Credentials/Login

...

  • It only supports reading operations
  • An API-key is valid for a single project. A user may generate multiple API-keys for accessing different project. Generating API-Key twice for the same project will result in same key.
  • API-Keys keys belong to a single user and are confidential, thus should not be shared
  • API-key does not intended to be used for machine-to-machine communication and should not be used as such

Technical description

One should send API-key with each HTTP request as standard Authorization header with Reference scheme

Authorization: Reference <API-key>

Whenever possible we recommend using Reference scheme whenever possible. As Note that many clients does not allow setting Authorization headers (for example Excel or pasting URL into browser's address bar), but will prompt for inputting username and password when server sends "Unauthorized" respond. Such prompt will result sending request with Authorization header with Basic scheme. So as a fallback, the application also accepting API-key encoded as Authorization header with Basic scheme, where username is a constant apikey and password is the API-key. The wire format will thus look like the following:

Authorization: Basic base64urlencode(apikey:<API-key>)


Note that many clients (for example Excel or browsers) will prompt users for inputting username and password if a request is sent without Authorization header and will result re-sending request with Authorization header with Basic schemeThis is just an illustration, we recommend using Reference scheme whenever possible. Using API-key encoded in Basic scheme is unnecessary if clients have full control over request headers.

Providing database and projectId

All API endpoints should provide database and project id as part of the url. E.g. https://api-xyz.com/database/projectId/api/rooms

[Deprecated] Providing database and projectId in

...

Authorization header with Basic scheme   

When using HTTP Authorization header Basic scheme, it is possible to provide the following parameters for scheme's "username", separated by slash. This is deprecated in favour of path. For example:

HTTP GET /api/rooms

Authorization: Basic base64base64urlencode(my-database/01/my-username/en:mypassword)

...