API key, access token

Hello Everyone,

I have a question about the API key which is a bit confusing for me.

The short story is I am a developer trying to set up a platform for testing strategies for my client.
So basically I just need some permission to do it, firstly access data through the API.

Since everything works with a live account, my client needs to create the API key with that.
I am trying to find out is there a way to build a platform using API without knowing my clients login credentials?

I read the API doc partly and find the API key authorization. So I got confused.
On Github it seems I need only the API key to get a token. That would be perfect, since the key can be restricted so I wouldn’t see any more info then I need.

But on the other hand in the doc request body I found this:
"name": “string”,
"password": “string”,
“appId”: “string”,
“appVersion”: “string”,
“deviceId”: “string”,
“cid”: “string”,
“sec”: “string”

So now I am not sure how could I make it. Can you help me?

@BWeis can you help give us some feedback on this please. Much appreciated.

Did the client generate a Key + Password for you to use?

1 Like

Not yet, we were waiting for the response. So it means we will need a key+password combination right?

So what goes to the request body name and password?
In the doc it was obligatory.

As outlined in that chart, ideally the client would give you an API key with a dedicated password - the intended use is to obscure that client’s real credentials in the case that they are giving this key to a third party such as yourself. In this case you just use the key+password combination that the client generated for you using the API Key with dedicated password option. The password isn’t (or shouldn’t be!) the user’s real master password, so you’re safe to use these values.

1 Like

@BWeis @Alexander Thanks for the reply.
We wanted to make sure that a programmer can work and build with API for a client without having to ask the client for their login credentials. As Alexander has graciously informed us that it is possible, do you have a link or could you please let us know how to create the API key with dedicated password for the programmer, after client has logged into his/her main account. Much appreciated.

In order to make calls using the client’s user account, you need to use credentials created by the client. To have your client create a key that they can then pass on to you (for you or dev to use) you can direct them to How Do I Access the API? and also Understanding How To Change API Permissions Scope may be helpful.

1 Like