Authorizing Query API requests
All Query API requests must employ one of the following authorization schemes to communicate successfully with Devo:
API key & API secret
You can use a domain API key and API secret to sign the request. Devo Admin users can find these credentials in Administration → Credentials, in the Access Keys tab. Check the Security credentials article for more details.
This method requires three parameters in the request header:
Parameter | Value | Description |
---|---|---|
| Domain API key | The API key of your Devo domain. Go to Administration → Credentials to find your API key. |
| HMAC SHA-256 (API key + body message + | Signed body as a HMAC SHA-256 using the API secret to sign the concatenation of the API key + body message + timestamp encoded as an hexadecimal string. If the request has an empty body message, the sign will be the concatenation of the API key + timestamp If the signature is not valid, the server will return a 401 Unauthorized HTTP Status error |
| Current timestamp in milliseconds | Timestamp expressed in milliseconds |
OAuth token
You can generate a token in the Administration → Credentials area of Devo to authorize your request. This method needs one header parameter:
Parameter | Value | Description |
---|---|---|
|
| You can generate this token in Devo and use it to restrict query requests to a specific set of data tables. See Security credentials to learn how to create them. |