Introduction

Onidel’s API uses API tokens to authenticate and authorize requests. An API token acts as a secure credential that allows you to interact programmatically with the Onidel platform. Each API token carries the same permissions as the user who generated it. For this reason, tokens should be treated with the same level of security as your account credentials. By including your API token in requests, you can manage infrastructure, automate workflows, and integrate Onidel services directly into your applications.

Create API token

To create an API token:
  1. Navigate to Account Settings.
  2. Select the API Key tab.
  3. Copy the generated API key.
Click the Rotate button to expire this key and generate a new one.

Authenticate

To authenticate your request with Onidel, include the token in the Authorization header:
curl -vv https://api.cloud.onidel.com/ -H "Authorization: Token <YOUR_TOKEN>"

Security Best Practices

Keep your token secure

Never share your API token publicly or include it in client-side code that can be accessed by users.

Whitelist trusted IPs only

Configure IP whitelisting to restrict access to known and trusted IP addresses. This adds another layer of security, ensuring that only trusted sources can access the API.

Rotate your API token regularly

Periodically regenerate your API token to minimise the impact of potential exposure.

Use environment variables

Store your API token in environment variables or a secure secret manager to keep it out of your codebase.
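
The following is an added example, not Onidel's own code: it combines the Authorization header from the Authenticate section with the environment-variable advice above, so the token never appears in the script or on the curl command line. The variable name ONIDEL_API_TOKEN and the function names are assumptions; reading headers from stdin with `-H @-` requires curl 7.55.0 or later.

```shell
#!/bin/sh
# Added example. ONIDEL_API_TOKEN is an assumed variable name, set outside
# this script (for instance injected by a secret manager).

# Print the Authorization header for the token held in ONIDEL_API_TOKEN.
# Fails if the variable is unset or empty, or if the value contains
# whitespace or control characters (a stray CR/LF would split the header).
onidel_auth_header() {
    token=${ONIDEL_API_TOKEN:-}
    if [ -z "$token" ]; then
        echo "ONIDEL_API_TOKEN is not set" >&2
        return 1
    fi
    case $token in
        *[[:space:]]* | *[[:cntrl:]]*)
            echo "ONIDEL_API_TOKEN contains whitespace or control characters" >&2
            return 1
            ;;
    esac
    printf 'Authorization: Token %s\n' "$token"
}

# Call the API with the header passed on stdin ("-H @-") instead of as an
# argument, so the token is not visible in the process list. printf is a
# shell builtin, so it does not expose the value either. Verbose mode is
# left off because curl's verbose output includes the request headers.
# Usage: onidel_curl https://api.cloud.onidel.com/
onidel_curl() {
    header=$(onidel_auth_header) || return 1
    printf '%s\n' "$header" | curl --silent --show-error --fail -H @- "$@"
}
```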