Here are the steps you need to follow to authorize your requests to the API:
- Get an API key. This should be provided by your organization administrator.
- Make a
POST
request to the/api/authenticate
endpoint including your api key in the body as shown in the example. - If the request is successful, it should return a JSON response containing
{"session_token": YOUR_SESSION_TOKEN}
- For subsequent requests, include an
Authorization
header that only contains the wordbearer
and your token, like:Bearer YOUR_SESSION_TOKEN
- That should allow you to hit any of the available endpoints as shown in the final example to the right.
As a preventive measure, if you're building a client to consume the GDX API, avoid modifying your TLS-initiating application to only trust Starfield C2 as it will no longer be included in certificates generated by ACM, which we use. For more information about this, read this article
Example body for POST /api/authenticate
:
{
"api_key": "YOUR_128-CHARACTER_LONG_API_KEY"
}
Example response:
{
"session_token": "JWT-like token"
}
Subsequent request example:
$ curl \
-X GET https://production-api.garmatsprayboothcustomers.com/booths \
-H "Authorization: Bearer JWT-like-token" \