Your API keys carry many privileges, so be sure to keep them secret! Do not share your API keys in publicly accessible areas such GitHub, client-side code, etc.
Prior to authenticating your application you will need to complete the following steps:
Pass the API key in the Authorization header and Basiq API version you intend to use, as well as the scope of access you need. The server will validate the key and if everything is successful will issue an access token.
The scope of a
CLIENT_ACCESStoken is restricted and should be used when making any calls directly from the client side.
SERVER_ACCESStoken can be used for all endpoints and has full access to create resources and retrieve data. Never expose a server access token on your client side!
CLIENT_ACCESS tokens must be bound to a userId
Any token generated with a
CLIENT_ACCESSscope must be bound to a
You will get this
userIdby calling Create a user Endpoint.