Every request to Gandi's API requires authentication.
Authentication is achieved by sending an Authorization header with a Personal Access Token.
The Personal Access Token is a token configured in the Gandi Admin application, where its scoped permissions and resources are defined at its creation.
To consume an access token, the Bearer scheme has to be set in the
Here is a dummy example with an access token abc to get a complete header:
Authorization: Bearer abc
Note that Personal Access Tokens are restricted to resources, and a token cannot be shared across multiple organizations. Tokens are created in the Account Settings of the Gandi Admin application by clicking the "Create a token" button. The organization is chosen first, and then a form lets you define a fine-grained scope for the token.
For security reasons, tokens expire, and a rolling strategy must be considered to properly consume the Gandi API using Personal Access Tokens. At the moment, there is no renewal mechanism for Personal Access Tokens; tokens must be recreated using the Organization Admin application.
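Because tokens expire and cannot be renewed, a client has to track expiry on its own side. The following is an added example, not Gandi's code: it assumes the operator records the expiry date chosen at creation (the StoredToken class, the 14-day ROTATE_BEFORE window and the function names are hypothetical), and its character check follows the RFC 6750 Bearer token syntax rather than any documented Gandi token format.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# RFC 6750 b64token syntax; rejects spaces and CR/LF that could split a header.
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
ROTATE_BEFORE = timedelta(days=14)  # assumed lead time, tune to your process


@dataclass(frozen=True)
class StoredToken:
    value: str
    expires_at: datetime  # assumed: recorded by the operator at creation time


def rotation_status(token: StoredToken, now: datetime) -> str:
    """Return 'expired', 'rotate' (inside the lead time) or 'ok'."""
    if now >= token.expires_at:
        return "expired"
    if token.expires_at - now <= ROTATE_BEFORE:
        return "rotate"
    return "ok"


def authorization_header(token: StoredToken, now: datetime) -> dict:
    """Build the Bearer header, refusing malformed or expired tokens."""
    if not B64TOKEN.fullmatch(token.value):
        raise ValueError("token has characters not valid in a Bearer credential")
    if rotation_status(token, now) == "expired":
        raise ValueError("token expired; a new one must be created")
    return {"Authorization": f"Bearer {token.value}"}


def redact(header_value: str) -> str:
    """Keep the scheme, hide the credential, so the header can be logged."""
    scheme, _, _credential = header_value.partition(" ")
    return f"{scheme} [redacted]"


if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample clock
    tok = StoredToken("abc", now + timedelta(days=10))  # dummy token from the page
    headers = authorization_header(tok, now)
    print(rotation_status(tok, now), redact(headers["Authorization"]))
```

Run rotation_status from a scheduled job so that a "rotate" result reaches whoever can create the replacement token before the current one stops working.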
API Key (Deprecated)
The API Key is the previous mechanism used to make public API calls. API Keys cannot be scoped, they have the same set of permissions as the owner of the API Key, and users can't have two API Keys at the same time.
Say your API Key is 0123456, every request you perform must contain the following HTTP header:
Authorization: Apikey 0123456