Authentication
API Token
The Unmand API uses API tokens to authenticate requests. You may also be used to referring to these as API Keys.
- All Unmand projects have an API Token.
- An API Token authenticates access to a single project.
- No other project information is required when the API Token is used for authentication.
Token Management
You can view and manage your API token in the Project configuration page on the Unmand Portal. Navigate to the project Configuration section for a given project. The API token is shown under the Details tab.
Select Regenerate Token to refresh the API token. A token can be regenerated at any time.
Your API tokens carry many privileges, so be sure to keep them secure! Do not share your secret API tokens in publicly accessible areas such as your GitHub repositories, client-side code, or other vulnerable locations.
Regenerating a token will immediately disable any existing tokens currently in use.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail. Authentication to the API is performed via header authorization - you do not need to provide a password.
Example
- Python
- cURL
import requests
from requests.auth import AuthBase
class TokenAuth(AuthBase):
"""Implements a custom authentication scheme."""
def __init__(self, token: str):
self.token: str = token
def __call__(self, r: requests.PreparedRequest):
"""Attach an API token to a custom auth header."""
r.headers['Authorization'] = self.token
return r
# Example request using TokenAuth class
response: requests.Response = requests.get('https://swarm.unmand.app/example', auth=TokenAuth(API_TOKEN))
# We recommend setting up a variable for API_TOKEN to avoid leaving your token in the shell history, which should be avoided.
curl -H "Authorization: $API_TOKEN" https://swarm.unmand.app/example