The API server authenticates all requests made to the API. Since anonymous API calls are severely rate limited, each API request should include a bearer token (API key) or valid session cookie. A token is required for calls to the
To avoid interception of authentication tokens, send all API requests over TLS-protected connections.
Using a bearer token (API key)
When using bearer tokens, each API request must include an
Authorization header in the following format:
Authorization: Bearer <APIKEY>
$ curl -X GET 'https://public.enigma.com/api/collections/' \ -H 'Authorization: Bearer ABCwnldPbOkLjV9lLGFfb8MctvIDmId6Zxyz'
If the authorization header is missing or is improperly formatted, the API returns an HTTP response with status code
401 Unauthorized and a JSON-encoded
To obtain your API key through the API, sign into the API server using the POST /account/login endpoint. Your API key is included in the response. You can also get your API key through the Enigma Public user interface by clicking your initials at the top right of the screen and choosing Account Settings.
Using a session cookie
Session-based authentication uses a cryptographically secure cookie to store authentication and user data. To obtain a session cookie, sign into the API server using the POST /account/login endpoint. The cookie is included in the response headers. See POST /account/login for usage information and examples.