Authentication

Every request to Gandi's API requires authentication.

Authentication is performed by sending an Authorization header that carries a scheme followed by the credential.

Personal Access Token

A personal access token is a token configured in the Gandi Admin application. Its scoped permissions and resources are defined when it is created.

To consume an access token, the Bearer scheme has to be set in the Authorization header.

Here is a dummy example of the complete header for an access token abc:

Authorization: Bearer abc

Note that Personal Access Tokens are restricted to specific resources, and a token cannot be shared across multiple organizations. To create a token, go to the Account Settings of the Gandi Admin application and click the "Create a token" button. You first choose the organization, then a form lets you define a fine-grained scope for the token.

For security reasons, tokens expire, so a rolling strategy must be considered to properly consume the Gandi API using Personal Access Tokens. At the moment, there is no renewal mechanism for Personal Access Tokens; the tokens must be recreated using the Organization Admin application.

Finally, for sandbox usage, the token has to be created in the Gandi Sandbox Admin.
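
The following sketch is an added example, not part of Gandi's documentation or tooling. It builds the Bearer header described above, refuses token values that could split the header, and tracks the expiry date so a replacement token can be created before the old one stops working. The environment variable names, the 14-day warning window and the idea of recording the expiry date locally when the token is created are assumptions of this example.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Assumed names, not defined by Gandi: the environment variables and the
# 14-day warning window are choices made for this example.
TOKEN_ENV = "GANDI_PAT"
EXPIRY_ENV = "GANDI_PAT_EXPIRES"   # ISO 8601 date noted when the token was created
ROTATE_BEFORE = timedelta(days=14)
# Printable, non-space ASCII only, so a bad value cannot inject CR/LF into the header.
_TOKEN_RE = re.compile(r"[\x21-\x7e]+")


def auth_header(token):
    """Return the Authorization header for a Personal Access Token."""
    if not token or not _TOKEN_RE.fullmatch(token):
        raise ValueError("token is empty or contains whitespace/control characters")
    return {"Authorization": "Bearer " + token}


def rotation_status(expires_iso, now=None):
    """Classify a token as 'ok', 'rotate' (inside the window) or 'expired'."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromisoformat(expires_iso)
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)
    if now >= expires:
        return "expired"
    if expires - now <= ROTATE_BEFORE:
        return "rotate"
    return "ok"


def redact(headers):
    """Copy headers with the credential masked, for safe logging."""
    out = dict(headers)
    if "Authorization" in out:
        out["Authorization"] = out["Authorization"].split(" ", 1)[0] + " ***"
    return out


def load_headers(environ=os.environ, now=None):
    """Build headers from the environment, refusing a token known to be expired."""
    status = rotation_status(environ[EXPIRY_ENV], now)
    if status == "expired":
        raise RuntimeError("token expired: create a new one in the Admin application")
    return auth_header(environ[TOKEN_ENV]), status
```

A "rotate" status is the signal to create the replacement token in the Admin application and deploy it while the current one is still valid.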

API Key (Deprecated)

The API Key is the previous mechanism used to make public API calls. API Keys cannot be scoped, they carry the same set of permissions as the owner of the API Key, and a user can't have two API keys at the same time.

You can generate or delete your production API key from the API Key Page (in the Security section). (Sandbox Version is here)

If your API Key is 0123456, every request you perform must contain the following HTTP header:

Authorization: Apikey 0123456