Authentication

The Mono API authenticates your API requests using API keys. API key authentication is a common method for secure access to an API. In our context, clients authenticate themselves to access specific resources or perform certain actions.

To generate or delete API keys for the Mono API, clients need to log in to their account through the Mono Dashboard and navigate to the API key management section. From there, they should be able to create new API keys or revoke existing ones as needed.

Once a client has an API key, they can use it to authenticate themselves when accessing API resources. This is done by including the API key as an Authorization header in the API request. For example:

Authorization: Bearer <API_KEY>

When the API receives a request with an API key in the Authorization header, it verifies the key to ensure that the client is authorized to access the requested resource. If the key is valid and has the necessary permissions, the API allows the request to proceed. If the key is invalid, has been revoked, or does not have the necessary permissions, or if no Authorization header is provided, the API returns an error and denies access to the resource.

API keys should be kept secret and not shared with third parties. Each client should have their own API keys and should use them only for their own purposes. This helps to ensure the security and integrity of the API.

Restricted API keys

API keys are restricted through custom roles, which allow clients to create API keys with limited permissions. For example, an API key with the "Admin" role might be able to perform any action on the API, while an API key with the "Viewer" role might only be able to read data from the API.

Clients must specify the desired roles when generating the key through the Mono Dashboard. The API key is then granted the permissions associated with those roles.
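
The verification steps and role restrictions described above can be modelled as follows. This is an added illustrative example, not Mono's implementation: the key store, sample keys, action names and HTTP status codes are assumptions; only the Bearer header format and the "Admin" and "Viewer" role names come from this page.

```python
import hashlib
import hmac

# "Admin" and "Viewer" are the page's example roles; the action names are assumptions.
ROLE_PERMISSIONS = {"Admin": {"read", "write", "delete"}, "Viewer": {"read"}}


def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()


# Constructed key store: only SHA-256 digests are kept, never the keys themselves.
KEY_STORE = {
    _digest("sample-admin-key"): {"roles": ["Admin"], "revoked": False},
    _digest("sample-viewer-key"): {"roles": ["Viewer"], "revoked": False},
    _digest("sample-old-key"): {"roles": ["Admin"], "revoked": True},
}


def authorize(headers, action):
    """Return (status, reason) for a request. Status codes are assumptions."""
    # Header names are case-insensitive, so match on the lowercased name.
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return 401, "missing Authorization header"
    scheme, _, token = value.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return 401, "malformed Authorization header"
    presented = _digest(token)
    record = None
    for stored, rec in KEY_STORE.items():
        # compare_digest avoids leaking how much of the digest matched via timing.
        if hmac.compare_digest(stored, presented):
            record = rec
    if record is None:
        return 401, "invalid API key"
    if record["revoked"]:
        return 401, "revoked API key"
    # A key's permissions are the union of the permissions of all its roles.
    allowed = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in record["roles"]))
    if action not in allowed:
        return 403, "insufficient permissions"
    return 200, "ok"
```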