Optionally provide private feedback to help us improve this article...

Thank you for your feedback!


How Web API Authentication Works

New

This article details how to make remote requests into the InstantKB Web API and authenticate those requests. Authentication for any request into the InstantKB Web API is achieved via the "Authorization" header supplied with the request.

Within the Authorization header you would always need to provide at minimum your InstantKB "Application Key". To return private data or perform restricted actions you can also combine a User Key with your Application Key within the Authorization header.

Anonymous Requests

To obtain public or anonymous data you simply need to provide a valid "Application Key" within the "Authorization" header for your request. The example below shows how to obtain all public data for an existing article with ID 50011...

GET api/article?id=50011 HTTP/1.1
Host: https://demos.instantasp.co.uk/InstantKB2018/
Authorization: Basic {your_application_key_here}
Content-Type: application/json
X-Api-Version: 1

NOTE: Providing the application key will only return public data. If you attempt to query data that is not publicly visible on your knowledge base, for example a private article or article that is only visible to authenticated users the request will return a 404 response.

Authenticated Requests

To return private data or add data on behalf of a specific user you can also combine a valid User Key with a valid Application Key. The example below shows how to add a new support ticket for the user matching the supplied User Key...

POST api/ticket HTTP/1.1
Host: https://demos.instantasp.co.uk/InstantKB2018/
Authorization: Basic {your_application_key_here}:{your_user_key_here}
Content-Type: application/json
X-Api-Version: 1

data: "{\n\ttab_id: 4,\n\ttitle: \"My new ticket\",\n\ttext: \"My new ticket text\",\n\tstatus_id: 6\n}"

Notice the Application Key and the User Key are both passed into the Authorization header and are separated with a colon. The new ticket will be created on behalf of the user matching the supplied User Key. If either the Application Key or User Key are not valid the request will fail.