API Authentication
All access to the API requires a Client Key / Secret. This can be used on each request, or to request a JWT Token that can be used on subsequent requests.
Authentication information should never be included in the URL query string.
Client Key / Secret
The Client Key / Secret is passed as a JSON object
ClientKey string
ClientSecret string
eg: {"ClientKey":"[key value]","ClientSecret":"[secret value]"}
When using the Client Key/Secret on each request, the value is passed in the request header with the key "Eagle-Api-Key" so the custom headers for an API request would appear as:
| Header | Value |
| api-version | 1.0 |
| Eagle-Api-Key | {"ClientKey":"[key value]","ClientSecret":"[secret value]"} |
c#
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, "https://acme-connect.contracteagle.com/api/api-info");
request.Headers.Add("api-version", "1.0");
request.Headers.Add("Eagle-Api-Key", "{\"ClientKey\":\"mykey\",\"ClientSecret\":\"mysecret\"}");
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
JWT Token
The initial request to get a JWT Token is to the api/request-token endpoint.
This request is a POST request and the Client Key/Secret JSON is passed as a request header as above.
c#
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "https://acme-connect.contracteagle.com/api/request-token");
request.Headers.Add("api-version", "1.0");
request.Headers.Add("Eagle-Api-Key", "{\"ClientKey\":\"mykey\",\"ClientSecret\":\"mysecret\"}");
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
If successful, the request will return the JWT token as the body of the response - the token is the only content of the response.
On subsequent requests, the token is passed in the header using standard bearer token format - i.e. a header key of "Authorization" and the value of "Bearer [token]". eg:
c#
request.headers.add("Authorization" $"Bearer {token}");