Document toolboxDocument toolbox

Authorizing Query API requests

All Query API requests must employ one of the following authorization schemes to communicate successfully with Devo:

API key & API secret

You can use a domain API key and API secret to sign the request. Devo Admin users can find these credentials in Administration → Credentials, in the Access Keys tab. Check the Security credentials article for more details.

This method requires three parameters in the request header:

ParameterValueDescription

x-logtrust-apikey

Domain API key

The API key of your Devo domain. Go to Administration → Credentials to find your API key.

x-logtrust-sign

HMAC SHA-256 (API key + body message + x-logtrust-timestamp, API secret)

Signed body as a HMAC SHA-256 using the API secret to sign the concatenation of the API key + body message + timestamp encoded as an hexadecimal string. If the request has an empty body message, the sign will be the concatenation of the API key + timestamp

If the signature is not valid, the server will return a 401 Unauthorized HTTP Status error

x-logtrust-timestamp

Current timestamp in milliseconds

Timestamp expressed in milliseconds

OAuth token

You can generate a token in the Administration → Credentials area of Devo to authorize your request. This method needs one header parameter:

ParameterValueDescription

Authorization

Bearer <token>

You can generate this token in Devo and use it to restrict query requests to a specific set of data tables. See Security credentials to learn how to create them.