To access, modify private information, or create any meaningful interaction with the Sariska API requires proper authentication. This is achieved through API keys, which are associated with your account. When making requests to the Sariska API, your application will need to provide an access token, which is used to identify the user. Each request your application sends to Sariska must also include an authorization token, which serves as a verification of your identity.
API keys are always visible in your account dashboard. If you are not logged in, randomly generated API keys will be included in code examples. Replace these with your own API keys to ensure your application is using the correct credentials.
If you are unable to locate your API keys within the dashboard, it indicates that you lack the necessary permissions to access them. To gain access, reach out to the administrator of your Sariska account and request to be added to their team as a developer.
Authentication in Sariska is handled using ID tokens, which are in JSON Web Token (JWT) format. ID tokens contain information that helps Sariska identify you as a user and confirms that you are authorized to access and modify information.
Protecting API Keys and Tokens
Your Sariska API keys are directly linked to your account and must be authorized before they can be used to make requests on your behalf.
Never share your API keys with anyone you don't trust. This includes friends, family, and even co-workers.
Store your API keys in a secure place. Don't write them down on paper or save them in a file that is easily accessible.
Monitor your API usage regularly. This will help you to identify any unauthorized activity.
If your keys or tokens are compromised, they could be used tomake unauthorized requests to Sariska endpoints, potentially leading to unexpected rate limits, depletion of your access quota, or even cause your Sariska account to be disabled.
Regenerating API Keys
If you believe your API keys or tokens have been compromised, you should regenerate them immediately from the admin dashboard.
Granting Access to API Keys
Only grant access to API keys to those who need them. Do not include them in any version control systems you may be using.
Revoking API Keys
You can revoke API keys at any time if you no longer need them or suspect they have been compromised. You can also edit API keys to change their level of access.