Get Started
Authentication
Authenticate your API requests.
Server-side authentication
Use long-lived API Keys to authenticate server-side backend applications.
Client-side authentication
Use short-lived JWT tokens to authenticate client-side frontend applications.
Get your API credentials
To get your API credentials, create an Application in the Propel Console withDATA_POOL_QUERY and METRIC_QUERY scopes so they can access your data.
If you are using the Management API, you need an Application with
ADMIN scope.Server-side authentication
Authenticate server-side applications using an Application ID and secret as HTTP Basic Authentication credentials. Use the Application ID as username and secret as password in the HTTP Basic Authorization header:Client-side authentication
Authenticate client-side frontend applications using short-lived JWT tokens. This involves a two-step process:1
Generate a JWT token
Make a POST request to the Token API endpoint with your Application credentials from secure backend code.Replace
$APPLICATION_ID and $APPLICATION_SECRET with your Application’s clientId and secret.The response includes:2
Make an authenticated request
Once you’ve received an access token, your application makes API requests by including the Authorization header with your access token.
Error handling
400 Bad request
400 Bad request
The Token API will return a 400 Bad Request response if:
- The
grant_typeparameter is missing or invalid - The
client_idparameter is missing or invalid - The
client_secretparameter is missing or invalid
- Verify you’ve created a Propel Application in your Account
- Confirm your Application secret is correct
- Ensure you include
grant_type=client_credentialsin the request
401 Unauthorized
401 Unauthorized
403 Forbidden
403 Forbidden
The API will return a 403 Forbidden response when the access token lacks the required permissions to access a resource. This means:
- The token does not have the necessary scopes
- The token does not have the required policies