Authentication using API keys

How to authenticate with a sensenet repository using API keys

Unless you are working with publicly available content - like blog posts - it is necessary to make authenticated calls to the sensenet repository to access content items. In this article you'll see how you can configure third-party applications and services to make authenticated requests to the repository without having to modify their code.

How it works

An API key is a string token that represents a user in the repository. If you authenticate with an API key, all your requests will be made in the name of that user. You can simply provide the token in the URL or in the header of an HTTP request.

You can get and manage API keys using the following OData actions:

Get all API keys

GET https://example.com/odata.svc/Root/IMS/Public/('User1')/GetApiKeys

Create an API key

POST https://example.com/odata.svc/Root/IMS/Public/('User1')/CreateApiKey

Delete an API key

POST https://example.com/odata.svc/Root/IMS/Public/('User1')/DeleteApiKey
POST https://example.com/odata.svc/('Root')/DeleteApiKey
{
  'apiKey': 'abcd'
}

Delete API keys of a user

This is an administrator-only action.

POST https://example.com/odata.svc/Root/IMS/Public/('User1')/DeleteApiKeys

Delete all API keys

This is an administrator-only action.

POST https://example.com/odata.svc/('Root')/DeleteApiKeys

Sending requests

If you have an API key, you'll be able to send authenticated requests to the server. The permission level of the request is determined by the API key: it represents a user in the content repository.

You can provide the API key in two ways:

In the URL
GET https://example.com/odata.svc/Root/Content/MySecureFolder?apikey=abcd
In the request header
apikey=abcd
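
Both options carry the same key, but a key placed in the query string is also written to web server and proxy access logs as part of the request line. The following Python sketch is an added example, not sensenet code: it builds a header-authenticated request and scrubs apikey values from constructed log lines. The function names, the HTTPS check and the sample log are assumptions, and the header is assumed to be named apikey as shown above.

```python
import re
import urllib.request
from urllib.parse import urlsplit

# Parameter name as shown on the page; matched case-insensitively when
# scrubbing so variants in a log are caught too (a conservative assumption).
_KEY_IN_URL = re.compile(r'(?i)([?&]apikey=)[^&#\s"]*')

# Constructed access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /odata.svc/Root/Content/MySecureFolder?apikey=abcd HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /odata.svc/Root/Content/MySecureFolder?$select=Name&apikey=abcd HTTP/1.1" 200 128',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /odata.svc/Root/Content/MySecureFolder HTTP/1.1" 200 512',
]


def build_request(url, api_key):
    """Build (without sending) a GET that carries the key in the header only."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to attach an API key to a non-HTTPS URL")
    if _KEY_IN_URL.search(url):
        raise ValueError("URL already contains an apikey parameter")
    return urllib.request.Request(url, headers={"apikey": api_key}, method="GET")


def scrub_log(lines):
    """Return (scrubbed_lines, leaked_count) for a list of log lines.

    Every counted line exposed a key, which should then be deleted
    and recreated with the OData actions listed earlier.
    """
    scrubbed, leaked = [], 0
    for line in lines:
        clean, hits = _KEY_IN_URL.subn(r"\1REDACTED", line)
        scrubbed.append(clean)
        leaked += 1 if hits else 0
    return scrubbed, leaked


if __name__ == "__main__":
    req = build_request("https://example.com/odata.svc/Root/Content/MySecureFolder", "abcd")
    print(req.get_method(), req.full_url, dict(req.header_items()))
    cleaned, count = scrub_log(SAMPLE_LOG)
    print(f"{count} line(s) exposed a key")
    print("\n".join(cleaned))
```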

To learn more about the client API we offer for .NET developers and example requests you can make from a .NET Core client application, please visit the following articles: