You'll need to authenticate your requests to access any of the endpoints in the Openfort API. In this guide, we'll look at how authentication works.

You authenticate to the Openfort API by providing one of your API keys in the request. You can manage your API keys from your account. You can have multiple API keys active at one time. Your API keys carry many privileges, so be sure to keep them secret!

With basic authentication, you use your username and password to authenticate your HTTP requests. Authentication to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username value. You do not need to provide a password.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. You must authenticate for all requests.

Authenticated request

curl \
  # curl uses the -u flag to pass basic auth credentials
  #(adding a colon after your API key will prevent it from asking you for a password).

Please don't commit your Openfort password to GitHub!

You can find your YOUR_SECRET_KEY from the Openfort dashboard.

Using an SDK

If you use one of our official SDKs, you won't have to worry about any of the above — fetch your YOUR_SECRET_KEY from the Openfort dashboard under API settings, and the client library will take care of the rest.