API | Authentication
Authentication Overview
There are two types of users of the EasiTrace system: Service Providers and Applications. Service Providers are organisations which develop software that integrates with EasiTrace, and Applications are the software which has been developed by Service Providers. A single Service Provider can register many Applications if they wish to do so.
The mechanism used to authenticate with EasiTrace is the same whether you are calling the API as a Service Provider or as an Application: the access key associated with the user is provided in one of the X-API-Key, X-ServiceProvider-API-Key or X-Application-API-Key headers of the request. The only difference between Service Providers and Applications in this regard is how to retrieve the API key in the first place.
NB: The X-API-Key header is deprecated and will be removed in the future.
Service Provider Authentication
You can authenticate as a Service Provider specifically using the X-ServiceProvider-API-Key header, which will give you access to only those endpoints which are accessible for a Service Provider.
Application Authentication
You can authenticate as a specific Application using the X-Application-API-Key header, which will give you access to only those endpoints which are accessible for a given Application.
API Key Generation
Service Providers will need to contact Rezare to get an API key generated for them, whereas Service Providers can use the API to generate access keys for the Applications which they create (see the Requesting Access Key section below for more details). These keys are encrypted in the database in such a way that they cannot be decrypted again. Store the keys in a safe place so you don’t lose them. If, however, you do lose them, new access keys will need to be generated.
API Access
Applications will be the main type of user accessing EasiTrace and as such have access to most of the available endpoints; however, Service Providers do have sole access to a few endpoints. The lists below describe the endpoints to which each type of user has access.
Service Providers
- /api/service-providers/…
- /api/applications/…
Applications
- /api/applications/{applicationId}/callbacks/…
- Every other endpoint to which a Service Provider does not have access
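The header rules and endpoint lists above can be combined into a client-side helper that attaches only the one key a request needs. This is an added example, not EasiTrace's own code: the base URL, key values and the /api/other path are constructed, and letting the callbacks pattern take precedence over the /api/applications/ prefix is this example's reading of the lists.

```python
import re

# Header names come from the page; the deprecated X-API-Key is deliberately not used.
HEADER_FOR = {
    "service_provider": "X-ServiceProvider-API-Key",
    "application": "X-Application-API-Key",
}
# /api/applications/{applicationId}/callbacks/... is listed under Applications.
_APP_CALLBACKS = re.compile(r"^/api/applications/[^/]+/callbacks(/|$)")
# /api/service-providers/... and /api/applications/... are listed under Service Providers.
_SP_ONLY = re.compile(r"^/api/(service-providers|applications)(/|$)")


def principal_for(path):
    """Return the user type that the page's endpoint lists assign to this path."""
    path = path.split("?", 1)[0]
    if _APP_CALLBACKS.match(path):      # assumption: the more specific rule wins
        return "application"
    if _SP_ONLY.match(path):
        return "service_provider"
    return "application"                # "every other endpoint"


def build_request(base_url, path, keys):
    """Return (url, headers) carrying only the one key the path needs."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    if not path.startswith("/"):
        raise ValueError("path must be absolute, e.g. /api/...")
    who = principal_for(path)
    key = keys.get(who)
    if not key:
        raise KeyError(f"no {who} key configured for {path}")
    return base_url.rstrip("/") + path, {HEADER_FOR[who]: key}


if __name__ == "__main__":
    # Constructed sample values; real keys belong in a secret store, not in source.
    keys = {"service_provider": "sp-key-constructed", "application": "app-key-constructed"}
    for p in ("/api/service-providers/7", "/api/applications/42/callbacks/1", "/api/other"):
        url, headers = build_request("https://easitrace.example", p, keys)
        print(url, list(headers))  # print header names only, never the key
```

Because each request carries a single header, a process that only ever calls Application endpoints never needs the Service Provider key in its configuration.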