API Authentication
Each request to the Kimiko Events API must be authenticated. There are two ways to authenticate requests:
- API Key Authentication
- Token Authentication
API Key Authentication
API Keys can be found in the Kimiko Console under Settings > Developer > API Keys. There are two types of API Keys - public and private. When using API Key authentication, you will also need your Account Id which can be found in the Kimiko Console under Settings.
To use API Key Authentication, add you just need to add two arguments to the request URI parameters.
| UI Parameter | Value |
|---|---|
| api_key | An API key found in Kimiko Console > Settings > Developer |
| account_id | You Kimiko Account Id found in Kimiko Console > Settings |
For example, a request to the Trigger API using an API Key would look like:
POST https://trigger.kimiko.io?api_key=<your_api_key>&account_id=<your_account_id>
Public vs Private API Keys
Most Kimiko APIs require private API Keys. However, there are certain APIs (notably the Trigger API) that allows for public key authentication. When your API Key cannot be kept secret (i.e. it’s used in front-end code), you should use a public key.
In the future, Kimiko will have “scoped” keys where you can have more precise restrictions on how API keys are used, however for now please make sure to keep you Private API keys secure.
Token Authentication
The second way to authenticate Kimiko Requests is to use a Kimiko Token. When using a token, you will add the token to the header of the request as a part of the Authorization parameter.
| Header Parameter | Value |
|---|---|
| Authorization | Bearer <token> |
Currently, tokens are generated when executing actions on Kimiko. The HTTPS Action specifically has an option to “include Kimiko token” which will send a token in the header of the request using the format above. This is useful if you want to send a request to your server and then use the token sent to make additional requests to Kimiko APIs.