Basic authentication is an authentication method supported by the API.
Basic authentication is a standard mechanism for providing authentication to an API. It accepts a username and password.
Specifically to Sunshine Conversations, the username and password comes from API keys. The username is the id and the password is the secret.
API libraries simplify the usage of basic authentication by accepting directly a username
and password
. See their documentation for specific instructions.
The credentials are passed through the HTTP Authorization
header. The content is Basic
, followed by a space, followed by the base 64 of the string that contains the API key id and secret joined by :
.
Pseudo code:
Authorization: Basic base64("keyid:secret")
However, most languages have HTTP libraries offer a way to pass the API key id and secret as the username/password directly.
curl
supports the --user
option to simplify the usage of basic authentication.
# Fetching a user
curl https://api.smooch.io/v2/apps/5963c0d619a30a2e00de36b8/users/c7f6e6d6c3a637261bd9656f \
--user 'keyId:keySecret'
As explained in the authentication overview, each request has an associated scope of access. When using basic authentication, the scope of access is determined implicitly by the owner of the API key used in the request.
API key owner | scope of access |
---|---|
App (most common) | app
- All of the users and conversations created within an app, as well as app configuration details including integrations and webhooks. |
User account | account
- see the
account provisioning guide
for more information |
Service account | account
- see the
account provisioning guide
for more information |