« Back to Contents

EasiTrace API Authentication

Overview

There are two types of users of the EasiTrace system:

• Service Providers; and
• Applications.

Service Providers are organisations which develop the software which integrates with EasiTrace and Applications are the software which have been developed by Service Providers. A single Service Provider can register many Applications if they wish to do so.

The mechanism which is used for consumers to authenticate with EasiTrace is the same whether you are calling the API as a Service Provider or Application. The access key associated with the user is provided in one of three headers:

• X-API-Key
• X-ServiceProvider-API-Key; or
• X-Application-API-Key

The only difference between Service Providers and Applications in this regard is how to retrieve the API key in the first place.

Note: The X-API-Key header is deprecated and will be removed in the future.

Service Provider Authentication

You can authenticate as a Service Provider specifically using the X-ServiceProvider-API-Key header, which will give you access to only those endpoints which are accessible for a Service Provider.

Application Authentication

You can authenticate as a specific Application using the X-Application-API-Key header, which will give you access to only those endpoints which are accessible for Applications.

API Key Generation

As noted above there are effectively two levels of authentication, both requiring different methods to obtain the API keys.

Service Providers

Service Providers will need to contact Map of Agriculture to get an API key generated for them, which once generated we are unable to retrieve. If the API key is lost we will need to re-generate it for you.

Applications

As a Service Provider, you can use the API to generate API keys for the Applications which you create. These keys are encrypted in the database such that we are unable to retrieve them. Please store the keys in a safe place so you don’t lose them.

If, however, you do lose them, new access keys will need to be generated.

API Access

Applications will be the main type of user who will be accessing EasiTrace and as such has access to most of the available endpoints, however, Service Providers do have sole access over a few endpoints. The lists below describe the endpoints to which each type of user has access.

Service Providers

• /api/service-providers/…
• /api/applications/…

Applications

• /api/applications/{applicationId}/callbacks/…
• Every other endpoint to which a Service Provider does not have access