Securing your HTTP requests is paramount in ensuring the integrity and confidentiality of data exchanged between clients and servers. Authentication, whether through tokens or API keys, plays a pivotal role in verifying the legitimacy of requests. In this guide, we'll explore the fundamentals of setting up authentication for HTTP requests, focusing on Token and API Key Authentication.

Authentications Methods

Token Authentication

If you are reading this guide, you are more likely interested in API key authentication, which is the recommended form of authentication for API integration. Token authentication within the RoutiGo system is used for authentication of users. Across our platform in the several dashboards and in the mobile applications we use firebase authentication. Firebase handles access tokens and authentication. Authorization is integrated within our services. In order to obtain an access token you will first need to register an account. This is done through the user management in the planner dashboard. Once an account is registered you will be able to log in using the Google identity toolkit. This is available on most platforms as a dependency. The identity toolkit will require a key to a domain in order to refer to our firebase instance. If you are sure you require token authentication, then please get in contact with us to obtain these. For how to acquire a token, please refer to the Google identity toolkit documentation; Once you've obtained the token you can authenticate your requests by providing said token with the "Bearer " prefix by adding it to the Authentication header. From there our system will take care of validation of the users' permissions.

API Key Authentication

The vast majority of integrations are done using API key authentication. This form of authentication is recommended for any form of systematic action. API key authentication involves setting a header on every request containing your API key. Within the RoutiGo system two types of API keys exist. Regular API keys, which have similar access to what a planner account has, and Supplier API keys, which have permissions only for a specific supplier, similar to supplier users. The header key to use depends on the type of key you are using, X-API-KEY or X-SUPPLIER-API-KEY respectively. In order to obtain an api key please contact us. The most approachable way of doing so is through our chat which you can find at the bottom right on our website and dashboard.