Authentication

Access to all API endpoints can be accomplished with either an access key and secret access key or a JSON Web Token (JWT). The API is only available for HTTPS connections.

Access keys

You can generate access keys on your account page. Go to Account > API access and create a new API key pair.

  • Select the role you want to assign.
  • Enter an optional description.
  • If your account belongs to multiple customers, you can additionally select the customer.

Store the ${ACCESS_KEY} and ${SECRET_ACCESS_KEY} in your password manager.

Basic authentication

Basic authentication can be used for build services like Jenkins or GitHub.

curl --user ${ACCESS_KEY}:${SECRET_ACCESS_KEY} https://ninkik.com/api/whoami

Signed header

Signed headers should be used if you want to develop your own ninkik client. Use the HTTP header X-Authorization-Access and X-Authorization-Secret to pass the previously generated key pair.

curl -H "X-Authorization-Access: x3xWJg2UzwjRXJsczPFY" -H "X-Authorization-Secret: 2SwR1lW1vdYbn83Vpxu6" https://ninkik.com/api/whoami

At the moment there is no signing enabled.

License key

A common request is to check for newer versions of a software. In case of Gumroad you are not able to implement such feature in an easy way. Your application can use ninkik's API to retrieve the latest versions of a product by authenticating with the license key and license owner's email address.

curl -H "X-License-Owner: me@buyer.com" -H "X-License-Key: 1234-5678-90AB-CDEF" https://ninkik.com/api/whoami

In your app, you can let the user enter his email address and license key and check for updates.

JWT

TBD