API authentication
Once you have the API key name and token from Vantage, you can define your API calls, including enabling authentication of a third-party application.
To connect to Vantage through the application programming interface (API), your third-party application must provide the API key name and key token.
The dedicated authentication endpoint is api/v1/keys/sign_in
. This
endpoint is available at the same base uniform resource locator (URL) as the web
user interface (UI). Assuming this base URL
is VANTAGE_URL
, the full authentication URL is https://VANTAGE_URL/api/v1/keys/sign_in
.
- Pass the key name as the user name
- Pass the key token as the password
When Vantage successfully authenticates the calling application, it returns a
JSON web token (JWT). This token allows the application to connect for
30 minutes. After 30 minutes, the JWT expires. When your
application attempts its next transaction, Vantage returns a 401 error
(Unauthorized). To continue to interact with Vantage, your application must
pass the key name and key token to re-authenticate. Vantage generates a new
JWT that allows your application to interact through
the API for the next 30 minutes.
This security precaution means that your calling application must re-authenticate with
Vantage in respond to a 401 error
.
When you need to define API calls, refer to the documentation for your third-party application that you want to perform actions in Vantage.