Authentication
Raisely employs stateless authentication across the API. You can connect to the API as an admin, or as one of your users.
Authentication
Every request to the API is authenticated with an access token. Pass the token in the header of every request as:
Authorization: Bearer {your access token}
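For convenience, tokens can also be appended as a query parameter. This should only be used for testing and debugging, because URLs (and any token in them) are commonly recorded in server logs, proxy logs and browser history. For example: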
http://api.raisely.com/v3/campaigns?access_token={your access token}
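The following is an added example, not part of the Raisely documentation or SDK: a small client-side helper that moves a token out of the `access_token` query parameter into the `Authorization: Bearer` header, and redacts the token before a URL is logged. The function names, the `limit` parameter, the `REDACTED` marker and the HTTPS-only check are assumptions of this example.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
from urllib.request import Request

TOKEN_PARAM = "access_token"  # query parameter name used by the API docs above


def split_token(url):
    """Return (url_without_token, token_or_None) for a URL that may carry access_token."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    token = next((v for k, v in pairs if k == TOKEN_PARAM), None)
    kept = [(k, v) for k, v in pairs if k != TOKEN_PARAM]
    return urlunsplit(parts._replace(query=urlencode(kept))), token


def redact_url(url):
    """URL that is safe to log: the token value is replaced, other parameters are kept."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == TOKEN_PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def build_request(url, token=None):
    """Build a request object that carries the token only in the Authorization header."""
    clean, url_token = split_token(url)
    token = token or url_token
    if not token:
        raise ValueError("no access token supplied")
    scheme = urlsplit(clean).scheme
    if scheme != "https":  # assumption of this example: never send a bearer token in cleartext
        raise ValueError("refusing to send a bearer token over " + scheme)
    return Request(clean, headers={"Authorization": "Bearer " + token})


if __name__ == "__main__":
    # Constructed sample: EXAMPLE_TOKEN is a placeholder and limit=5 is a made-up parameter.
    debug_url = "https://api.raisely.com/v3/campaigns?limit=5&access_token=EXAMPLE_TOKEN"
    req = build_request(debug_url)  # nothing is sent; the request is only constructed
    print(req.full_url)
    print(req.get_header("Authorization"))
    print(redact_url(debug_url))
```

Running a debug URL through `build_request` before sending keeps the token out of the request line, and `redact_url` is what belongs in application logs and error reports.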
There are two ways you can get a token from Raisely:
Campaign Private Key
In your campaign admin, head to Settings > Developers to find your campaign private key. This key gives your application admin access to the campaign. For authorisation purposes, any request using the campaign private key will be treated as the first organisation admin (ORG_ADMIN).
User JWTs
If you're using the API to authenticate end-users, the login routes will provide you with a JWT you can use to authenticate future requests. This token will provide access to public resources, or documents owned by that user.
User Types & Permissions
The following user types exist for authentication purposes.
System Name | Description |
---|---|
ORG_ADMIN | An administrator of the organisation. |
PARTICIPANT | A normal user that has signed up to one of your campaigns. |
ANYONE | Any authenticated or unauthenticated user. |
The documentation indicates which of these may access an endpoint. In many cases, a participant may only access an endpoint if they are the owner of the resource (e.g. a user may only list their own cards).
Updated almost 4 years ago