Authentication

API keys

Once the key is generated, please copy and store it immediately. We will not be able to show this API key again in the future, as we don't store API keys in plain text for security reasons. If you lose it, you will have to replace it with a new API key.

Provide your API key in an X-API-Key header, together with your request payload, where XXXX is your token:

X-API-Key: XXXX
Content-Type: application/json
Accept: application/json

Use the following base URL for all API endpoints (subject to change):

https://app.ocoya.com/api/_public/v1

Using API keys on the client-side

API keys are designed for server-side usage and they should not be used directly on the client-side making AJAX calls because then they will be exposed publicly. We advise you to make all requests on the server-side due to security concerns.

Authentication errors

You might encounter validation errors as follows.

If you fail to provide a token, you'll get this response on all requests:

Response Code: 401 Unauthorized
Content-Type: application/json

{
  "message": "Missing API token."
}

If you provide an invalid token, you might encounter validation errors when sending requests to API endpoints. They will come in the following format:

Response Code: 403 Forbidden
Content-Type: application/json

{
  "message": "Invalid API token."
}

Last updated 3 months ago