X-Client-Secret header to identify the system integrating with the API.
Authorization header to authenticate as a specific organization, in order to gain access to its private data.
X-Client-Secret header. For example: X-Client-Secret: uPrO...wxAh.
Authorization header. For example: Authorization: Bearer eyJh...sw5c.
This access token can be obtained by contacting Isometric directly. If you are going to be acting on behalf of other Organizations, they will need to request the access token from us and pass it securely to you.
Access tokens should be treated as highly sensitive, kept secret and stored accordingly.
Access tokens are scoped to a single Organization, so if you are acting on behalf of multiple organizations, you will need to submit the appropriate access token on each request.
Access tokens expire 1 year from generation. When you are approaching expiry, a new token will need to be generated, and Isometric will guide you through rotating your current access token, which will cease to work post-expiry.
If for whatever reason you suspect your access token is compromised, notify Isometric as soon as possible and we will provide a new access token and invalidate the old one.
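The per-organization scoping and one-year expiry described above can be enforced on the integrator's side before any request is sent. The following is an added example, not Isometric's own code: the class names, the organization labels, the 365-day reading of "1 year" and the 30-day rotation window are all assumptions, and the secret values are constructed.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

TOKEN_LIFETIME = timedelta(days=365)  # page: expiry 1 year from generation (365 days assumed)
ROTATE_WINDOW = timedelta(days=30)    # assumption: begin rotation 30 days before expiry


@dataclass(frozen=True)
class OrgToken:
    token: str = field(repr=False)    # keep the secret out of repr() and log lines
    generated_on: date                # recorded by you when Isometric issues the token

    def status(self, today: date) -> str:
        expires_on = self.generated_on + TOKEN_LIFETIME
        if today >= expires_on:
            return "expired"
        return "rotate-soon" if today >= expires_on - ROTATE_WINDOW else "ok"


class Credentials:
    """One client secret for the integrating system, one access token per organization."""

    def __init__(self, client_secret: str, org_tokens: dict):
        self._client_secret = client_secret
        self._org_tokens = dict(org_tokens)

    def headers_for(self, org: str, today: date) -> dict:
        entry = self._org_tokens.get(org)
        if entry is None:  # never fall back to another organization's token
            raise KeyError(f"no access token configured for organization {org!r}")
        if entry.status(today) == "expired":
            raise PermissionError(f"access token for {org!r} has expired; rotate it")
        return {"X-Client-Secret": self._client_secret,
                "Authorization": f"Bearer {entry.token}"}

    def rotation_report(self, today: date) -> dict:
        return {org: t.status(today) for org, t in self._org_tokens.items()}


if __name__ == "__main__":
    # Constructed sample values; load real ones from a secrets manager, not source code.
    creds = Credentials("constructed-client-secret", {
        "org-a": OrgToken("constructed-token-a", date(2024, 1, 10)),
        "org-b": OrgToken("constructed-token-b", date(2023, 1, 1)),
    })
    print(creds.rotation_report(date(2024, 6, 1)))
    print(sorted(creds.headers_for("org-a", date(2024, 6, 1))))
```

Running `rotation_report` on a schedule gives early notice of tokens that need rotating, and the explicit `KeyError` prevents a request for one organization from silently going out with another organization's token.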