Skip to content
On this page

Authentication

The Netzo API currently supports the following authentication methods:

  • API key: used to authenticate external requests (recommended)
  • Bearer token: used internally by the Netzo Web Application

API Key Authentication

To make a request, you need to create an API key and provide it in either:

  • 'x-api-key' header for example { 'x-api-key': API_KEY } (recommended)
curl -H "x-api-key: API_KEY" https://api.netzo.io/services
fetch('https://api.netzo.io/services', {
  headers: { 'x-api-key': 'API_KEY' },
})
  • apiKey query parameter for example /services?apiKey=${API_KEY}
curl -H "Content-Type: application/json" -X GET https://api.netzo.io/services?apiKey=API_KEY
fetch('https://api.netzo.io/services?apiKey=API_KEY')

API keys identify applications

API keys are workspace-scoped so requests will be limited to the resources of the authenticated workspace (that which owns the API key).

Bearer Token Authentication

Authenticating HTTP requests in this way is a two step process. First you have to obtain a valid JWT from the authentication service by POSTing the strategy you want to use. This however is not meant to be used for external requests to the API. Use API key authentication instead.

Access tokens identify users

Bearer tokens are user-scoped so requests will be limited to resources across all of the authenticated user's workspaces. The JWT will also expire after 24 hours, making it less convenient to use than API keys.

Authentication has loaded