Authentication
Weavr Back-Office API uses an API key as account authentication:
- Account authentication is used to identify and authenticate you. All API requests require account authentication using your API Key.
Weavr authenticates your API requests using your API keys. If you do not include your key when making an API request or you include an invalid API key, Weavr will respond with a 401 - Unauthorized HTTP error.
When you open a Sandbox account, Weavr generates keys for you. You can use these keys in the Sandbox environment only. These are different from the keys for the Live environment, which you will receive later.
Weavr will provide you with two types of keys API key and UI key. For your back-office API you should use the API key:
- You use the API key to authenticate yourself when you make API requests. You should keep this key secret and should only store it securely on your servers. You should never use this key to call Weavr’s APIs directly from the UI.
Obtaining Your Keys
We generate your keys automatically when you open your account. You can find your keys in the Weavr Innovator Portal. Remember that we will generate a different set of keys for you when you upgrade your account to the Live environment.
*In total, you will have 4 keys: an API key and a UI key for the Sandbox environment and an API key and a UI key for the Live environment. You must use the API key with the Back-Office API *
Using Your Keys
You should include the API key in the header of every API request. The name of the header is api-key and its value should be your API key.
Calling the Back-Office APIs
Before running any API call from the Back-Office API set, you will need to obtain a token representing the given identity. This token can be obtained through the access_token method.