How Archetype Handles Authentication

User Authentication

User authentication can currently be done in headers, in the request body or as a URL query. When you create an API you're given the option of setting the field, or of setting no auth if you intend for your API to be freely available without tiers.

The API key is expected under the key name apikey.

The user's API key will always be static unless they or you reset their API key.




URL Query


Use this when you want to make your data accessible with a simple GET request; all your input arguments can also be parsed in the URL.




A secure way for your users to add their API key to the request.



A secure way for your users to add their API key to the request. This is the most traditional way of authorizing users.
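With the URL Query option the apikey value is part of the request line, so any access log that records full URLs holds a key that stays valid until it is reset. The following is an added example, not Archetype code, that scrubs the apikey parameter from log lines before they are stored or shared; the log lines, key value and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

SENSITIVE = {"apikey"}          # parameter name given on this page
MASK = "REDACTED"
# Query string inside a log line: from '?' up to whitespace, a quote or '#'.
QUERY_RE = re.compile(r'\?([^\s"#]*)')

def _redact_query(match):
    """Mask values of sensitive parameters, leaving every other byte as logged."""
    out = []
    for pair in match.group(1).split("&"):
        name, sep, _value = pair.partition("=")
        # Decode the name before comparing so a percent-encoded spelling of
        # the parameter is still caught. Matching is case-insensitive as a
        # deliberate over-approximation (assumption: masking too much is fine).
        if sep and unquote_plus(name).lower() in SENSITIVE:
            out.append(name + "=" + MASK)
        else:
            out.append(pair)
    return "?" + "&".join(out)

def redact_line(line):
    """Return the log line with apikey values masked (request line and Referer)."""
    return QUERY_RE.sub(_redact_query, line)

def scrub(lines):
    """Return (redacted_lines, hits); hits = lines that carried a key in a URL."""
    clean = [redact_line(l) for l in lines]
    hits = sum(1 for before, after in zip(lines, clean) if before != after)
    return clean, hits

# Constructed sample access-log lines (combined log format, fake key value).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /v1/data?city=Oslo&apikey=k_live_EXAMPLE123 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /v1/data?api%6Bey=k_live_EXAMPLE123&city=Oslo HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /v1/data?city=Oslo HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    clean, hits = scrub(SAMPLE_LOG)
    print("\n".join(clean))
    print(f"{hits} line(s) exposed an API key; consider resetting those keys")
```

A non-zero hit count on logs that were already written means those keys were stored in clear text and are candidates for a reset.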

If you're looking for JWT or another form of auth for your end users, let us know over at [email protected]

SDK Authentication

Archetype authenticates requests from the REST API and the Archetype SDK using your API keys. All requests must include a valid API key. In addition to the App ID, there are two types of API keys: public and secret.

  • Public API keys (also known as App specific keys in the dashboard) are meant to access publicly available info (like available tiers, products) and make non-potent changes to subscribers, and must be used to configure the Archetype SDK. Each app under a project is automatically provided with a public API key.
  • Secret API keys should be kept confidential and only stored on your own servers. Your secret API keys can perform restricted API requests such as deleting subscribers and granting promotional access. Secret API keys are project-wide and can be created and revoked by project Admins. Please note: creating purchases via the REST API requires using a public API key, not a secret API key.
