Authentication

Access to all API endpoints can be accomplished with either an access key and secret access key or a JSON Web Token (JWT). The API is only available for HTTPS connections.

Access keys

You can generate access keys on your account page. Go to Account > API access and create a new API key pair.

  • Select the role you want to assign.
  • Enter an optional description.
  • If your account belongs to multiple customers, you can additionally select the customer.

Store the ${ACCESS_KEY} and ${SECRET_ACCESS_KEY} in your password manager.

Basic authentication

Basic authentication can be used for build services like Jenkins or GitHub.

curl --user ${ACCESS_KEY}:${SECRET_ACCESS_KEY} https://ninkik.com/api/whoami

Signed header

Signed headers should be used if you want to develop your own ninkik client. Use the HTTP header X-Authorization-Access and X-Authorization-Secret to pass the previously generated key pair.

curl -H "X-Authorization-Access: x3xWJg2UzwjRXJsczPFY" -H "X-Authorization-Secret: 2SwR1lW1vdYbn83Vpxu6" https://ninkik.com/api/whoami

At the moment there is no signing enabled.

JWT

TBD