Authorization

We make sure that only authorized users can make API calls!

Making secure calls to our REST API requires authentication and authorization. THEOlive makes use of token-secret pairs to authorize requests.

1. Getting a token-secret pair

To generate a token-secret pair, you should be registered for an account at https://console.theo.live/. Under the section "Tokens", click on the "Generate Token" button, and enter a name before clicking "Generate".

19081908

Generate token

This will give a pop-up which shows your token "key" and the corresponding secret.

19141914

Generated token and secret - save your secret now, it can't be retrieved in the future

Once you "Close" the pop-up window, the new token will be visible in your list of tokens.

19141914

Token list

🚧

Please store the secret

Make sure to store the secret somewhere, as this will be shown to you only once, and THEOlive only stores a hash of the secret, so it cannot be recovered afterward.

In case you forgot your secret, or the secret got exposed, you can easily regenerate a pair at all times.

A list of your tokens can also be found at the bottom of the management console landing page.

18911891

Token list in the dashboard

2. Using the token-secret pair with Basic Authentication

THEOlive makes use of Basic Authentication when making requests to the API. In the 'Authorization' header, make sure to pass your token-secret pair (encrypted with base64), prepended with the word 'Basic'.

As an example, assume that your token has the value "my-token", and your secret has the value "my-secret". Then you can put them together like this: my-token:my-secret.

You subsequently encode this value using base64. Applying 'base64(my-token:my-secret)' will result in the following encoded string: 'bXktdG9rZW46bXktc2VjcmV0'

This string can then be used in combination with 'Basic' to pass in the 'Authorization' header:

Authorization: Basic bXktdG9rZW46bXktc2VjcmV0

You can now make requests to our THEOlive API in the name of your organization!

📘

Basic Authentication with Postman

The guide Using Postman with THEOlive illustrates how to use the THEOlive token-secret pair in Postman.