UNS API Authentication

Introduction

UNS API uses API keys to authenticate requests.

Your API keys carry many privileges, so be sure to keep them secure! The authentication system has been designed to be a backend service connecting to UNS API, do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

As UNS API is designed around a RESTful API architecture, the API Keys are intended to be used per request, as UNS API does not store any state.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication or badly configured authentication will also fail.

Authentication Format

The UNS API checks for request headers to authenticate and authorise the API request.

{
  "X-API-KEY": "your-api-key",
  "X-ORG-CODE": "your-org-code"
}

You need to provide both fields with the correct values in order to authenticate and authorise the API request, otherwise, you will be thrown a 401 response.

OAuth Authentication Formats

Additionally, when requesting the access token for a given name, the requests need to have the client_id and the client_secret in the body request

{
  "client_id": "<your_client_id>",
  "client_secret": "<your_client_secret>"
}