Securing the API
Managing consumers
The API generated from your dataset can be accessed by using basic authentication or API key authentication. Select the authentication method in the API configuration form when adding the allowed consumers.
- For basic authentication, define a username and password for your consumer.
To call the API, you need to add an Authorization header. The value should be Basic followed by the string username:password encoded in Base64. For example: Basic dXNlcm5hbWU6cGFzc3dvcmQ=.
- For API key authentication, use the generated key in the header of your request.
To call the API, you need to add an Authorization header. The value should be Token followed by the API key generated during the API configuration. For example: Token apic.data-api_3KF0MT_EalJeneqZZC3BVTm9J3ft6s66vAb3g_EgI0K7.
Using HTTPS
If you are using a dataset with a Remote Engine Gen2 connection, you can set up HTTPS for your API. You can do this by updating the NGINX configuration in the default/nginx folder in the Remote Engine Gen2 directory.
To help you set up a basic HTTPS configuration, the default/nginx/nginx.conf file includes a commented example of configuration.
- Comment the following
line:
listen 9102; # Do not change this port number - Uncomment the following
lines:
# listen 9103 ssl; # Do not change this port number # ssl_certificate cn.crt; # The name of your public certificate file. Put it next to this nginx.conf # ssl_certificate_key cn.key; # The name of your private key file. Put it next to this nginx.confThe .crt and .key files must be located in the default/nginx folder.
- Make sure that the names referenced in default/nginx/nginx.conf for the .crt and .key files correspond to your actual file names.