To access, modify private information, or create any meaningful interaction with the Sariska API requires proper authentication. This is achieved through API keys, which are associated with your account. When making requests to the Sariska API, your application will need to provide an access token, which is used to identify the user. Each request your application sends to Sariska must also include an authorization token, which serves as a verification of your identity.

API Keys

API keys are always visible in your account dashboard. If you are not logged in, randomly generated API keys will be included in code examples. Replace these with your own API keys to ensure your application is using the correct credentials.

ID Tokens

Authentication in Sariska is handled using ID tokens, which are in JSON Web Token (JWT) format. ID tokens contain information that helps Sariska identify you as a user and confirms that you are authorized to access and modify information.

Protecting API Keys and Tokens

Your Sariska API keys are directly linked to your account and must be authorized before they can be used to make requests on your behalf.

• Never share your API keys with anyone you don't trust. This includes friends, family, and even co-workers.

• Store your API keys in a secure place. Don't write them down on paper or save them in a file that is easily accessible.

• Monitor your API usage regularly. This will help you to identify any unauthorized activity.

Regenerating API Keys

If you believe your API keys or tokens have been compromised, you should regenerate them immediately from the admin dashboard.

Granting Access to API Keys

Only grant access to API keys to those who need them. Do not include them in any version control systems you may be using.

Revoking API Keys

You can revoke API keys at any time if you no longer need them or suspect they have been compromised. You can also edit API keys to change their level of access.