Quantraum logo

Quantraum

Authentication

API Keys

Abstract

All Quantraum APIs use API keys. API keys are like passwords. There are strings of characters that you will need to provide to a plugin, a piece of software or an HTTP request, in order to get it to work.

The goal of API keys is to tie a usage to a user, for different purposes:

  • State management
  • Payment
  • Authentication
  • Authorisation

You can manage your account's API keys on the Quantraum API keys management page.

Creation

When you create an API key, you may select claims. Claims are basically what your API key is allowed to do. As a security principle, you should always grant minimum privileges and select only the claims that your application requires.

Your API key is generated by Quantraum and will be shown to you once and once only. You need to keep in mind that an API key, just like a password is a secret and should be kept safe. You should not expose it in a client application, unless you know exactly what you are doing.

A good practice consists in running API requests on your own backend, where your API keys can remain secret.

Usage

The API key is always to be provided through the X-Quantraum-Auth header.