All of the SkyKick API endpoints require authentication. SkyKick APIs use the OAuth 2.0 Client Credentials Grant flow to generate access tokens. The access token is then provided for all other API operations as a bearer token.

Getting Access to a Developer API Product

As a partner, you can log in to the Partner Portal and then navigate to Admin > Manage Users. There you can either edit an existing user and enable developer access for them, or create a new user with developer access. After a user has the developer product enabled, they can log in to this portal.

As a distributor, you can contact your account manager, or log in to the Distributor Portal and then navigate to the Settings > API Management section. Here you can create a new API user or view your existing API user information.

Getting a User's ID and Subscription Key

As a partner, you can log in to the Partner Portal and then navigate to the admin section. The user’s API information is in the Developer API Access section.

As a distributor, you can log in to the Distributor Portal and then navigate to Settings > API Management. Here you can see your users and their API credentials.

Important Note: Always treat a user’s subscription key as sensitive information. It shouldn’t be shared via insecure means such as email, HTTP, etc. or included in client-side code (JavaScript).

Generating an Authentication Request

When requesting an access token from the authentication operation there are a few pieces of information that must be provided.

The token endpoint requires a Basic Authorization header where the username is the user’s API user ID and the password is the user’s subscription key (either the Primary or Secondary will work). The endpoint also requires an Ocp-Apim-Subscription-Key custom header where the value is the user’s subscription key. The final required header is a Content-Type header, and its value must be set to application/x-www-form-urlencoded.

The request body should be of the format grant_type=client_credentials&scope={Product} where {Product} can be replaced with whichever product you’re attempting to use (usually Partner or Distributor).

Receiving an Authentication Response

As a part of the response we include the access_token, which is the bearer token that will be used for future API calls. The other part of the response is the expires_in value, which indicates how long the token is valid for.

Token Caching and Reuse

It’s important to cache and reuse the token received from the API response. There are several reasons for this.

  • The SkyKick API has strict rate limits on the auth operation. If too many requests are made in too short a span, the requests will fail.

  • If a new bearer token is requested before every API call, the application's performance will degrade significantly.

Using an Access Token

The bearer token will be used on all other SkyKick API calls. This can be done by including the Authorization header with the value Bearer {BearerToken}, where {BearerToken} will be replaced with the access token. The request must also have the custom header Ocp-Apim-Subscription-Key with the value being a valid subscription key.

Samples

Getting an Access Token

Assume user ID 4f3d7c7bd74649b9a798ab8f8e8c6b81 and subscription key 1476aca794464056ba8aa6a1a9f921da

  1. Concatenate the user ID and subscription key with a colon: 4f3d7c7bd74649b9a798ab8f8e8c6b81:1476aca794464056ba8aa6a1a9f921da

  2. Base-64 encode it: NGYzZDdjN2JkNzQ2NDliOWE3OThhYjhmOGU4YzZiODE6MTQ3NmFjYTc5NDQ2NDA1NmJhOGFhNmExYTlmOTIxZGE=

  3. Use the encoded value in the Authorization header: Basic NGYzZDdjN2JkNzQ2NDliOWE3OThhYjhmOGU4YzZiODE6MTQ3NmFjYTc5NDQ2NDA1NmJhOGFhNmExYTlmOTIxZGE=

Example Response:

{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIn...Zd7YOBcBowYV7tQNPloUAQNtjo93lBPLJV1whe2ndHA",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Using an Access Token

In order to use the bearer token obtained using the steps above, do the following:

  1. Add the Authorization header with the value Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIn...Zd7YOBcBowYV7tQNPloUAQNtjo93lBPLJV1whe2ndHA

  2. Add the Ocp-Apim-Subscription-Key header with the value 1476aca794464056ba8aa6a1a9f921da.

  3. The body of the request would depend on the operation being used.
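The steps above combined with the token caching advice, as an added example that is not SkyKick's own code: it builds the token request, reuses the cached token until shortly before expires_in elapses, and produces the headers for other API calls. TOKEN_URL is a placeholder because this page does not give the endpoint URL; the send callable, the 60-second refresh margin, and reading expires_in as seconds (as OAuth 2.0 defines it) are assumptions.

```python
import base64
import time
from urllib.parse import urlencode

# Placeholder: the token endpoint URL is not given on this page.
TOKEN_URL = "https://TOKEN-ENDPOINT.example/placeholder"


def build_token_request(user_id, subscription_key, product="Partner"):
    """Return (headers, body) for the client-credentials token request."""
    basic = base64.b64encode(f"{user_id}:{subscription_key}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Ocp-Apim-Subscription-Key": subscription_key,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": product})
    return headers, body


class TokenCache:
    """Caches the bearer token and refreshes it shortly before expiry."""

    def __init__(self, user_id, subscription_key, send, product="Partner",
                 skew=60, clock=time.monotonic):
        self._creds = (user_id, subscription_key, product)
        self._send = send    # assumed: callable(url, headers, body) -> JSON dict
        self._skew = skew    # assumed margin: refresh this many seconds early
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def token(self):
        # Only hit the rate-limited auth operation when no valid token is cached.
        if self._token is None or self._clock() >= self._expires_at:
            headers, body = build_token_request(*self._creds)
            resp = self._send(TOKEN_URL, headers, body)
            self._token = resp["access_token"]
            self._expires_at = self._clock() + int(resp["expires_in"]) - self._skew
        return self._token

    def api_headers(self):
        """Headers required on every non-auth API call."""
        return {
            "Authorization": f"Bearer {self.token()}",
            "Ocp-Apim-Subscription-Key": self._creds[1],
        }
```

Keep the cache server-side only, and load the user ID and subscription key from a secret store or environment variable rather than source code.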

Workflow