...
API supports reading data using "API-key". This access mode intended to be used by a person for reading ad-hoc data and/or recurring API-calls such as dashboards, PowerQuery (Excel, PoweBI), etc. It does not intended to be used for machine-to-machine communication
Keys can be generated as described here: Power Query#3.-Credentials/Login
...
- It only supports reading operations
- An API-key is valid for a single project. A user may generate multiple API-keys for accessing different project. Generating API-Key twice for the same project will result in same key.
- API-Keys keys belong to a single user and are confidential, thus should not be shared
- API-key does not intended to be used for machine-to-machine communication and should not be used as such
Technical description
One should send API-key with each HTTP request as standard Authorization header with Reference
scheme
Authorization: Reference <API-key>
Whenever possible we recommend using Reference scheme whenever possible. As Note that many clients does not allow setting Authorization headers (for example Excel or pasting URL into browser's address bar), but will prompt for inputting username and password when server sends "Unauthorized" respond. Such prompt will result sending request with Authorization header with Basic scheme. So as a fallback, the application also accepting API-key encoded as Authorization header with Basic scheme, where username is a constant apikey
and password is the API-key. The wire format will thus look like the following:
Authorization: Basic base64urlencode(apikey:<API-key>)
Note that many clients (for example Excel or browsers) will prompt users for inputting username and password if a request is sent without Authorization header and will result re-sending request with Authorization header with Basic schemeThis is just an illustration, we recommend using Reference scheme whenever possible. Using API-key encoded in Basic scheme is unnecessary if clients have full control over request headers.
Providing database and projectId
All API endpoints should provide database and project id as part of the url. E.g. https://api-xyz.com/database/projectId/api/rooms
[Deprecated] Providing database and projectId in
...
Authorization header with Basic scheme
When using HTTP Authorization header Basic scheme, it is possible to provide the following parameters for scheme's "username", separated by slash. This is deprecated in favour of path. For example:
HTTP GET /api/rooms
Authorization: Basic base64base64urlencode(my-database/01/my-username/en:mypassword)
...