Authenticate an API key

This guide is for legacy users since API keys have been deprecated. Learn how to use our preferred authentication.

If you haven’t already, check out our high-level summary for authentication with Redox. If you want to authenticate a specific API key, follow the steps below.

Supported APIs

This authentication method is currently only supported for the Redox Data Model API. 

  1. Log in to the Redox dashboard.
  2. From the navigation menu, click the Developer page.
  3. By default, the Developer page opens and displays the API Keys tab.
  4. Any created API keys display. The top section contains Oauth keys and the bottom section contains legacy keys. To create a legacy key, click the Create API Key button. If you already have an API key created and need to configure it, click the Edit button of the API key that you want to configure then skip to step 6.
  5. A modal opens with API key details. In the Name field, enter the API key name. If you're a new user, you won't be able to create a legacy key.
  6. If you're an existing user with legacy keys, radio buttons display for Legacy and OAuth options. If these are visible, select the Legacy radio button.
  7. Click the Add button.
  8. The Settings page displays. From this page, you can copy the API key value and generate a new secret value to send a request for an access token.
  9. Use the following request:
    Use the accessToken (in the first line of the response) to authenticate in later steps.  The expires value contains the exact date and time that your access token expires. Access tokens expire 24 hours after retrieval.  The refreshToken can be used to retrieve a new access token after this one expires. See the details for refreshing your token further down below.

    401 error code

    If you attempt to use an expired access token with a request, you will receive a 401 Unauthorized error.

  10. Authenticate your request. The Data Model API utilizes an Oauth 2.0 Bearer authentication scheme to authenticate Data Model API requests. All requests to the Data Model API must contain an Authorization header with a valid access token in the following format: Authorization: Bearer [your-accessToken]

Making a request

After successfully authenticating, you can initiate requests to any endpoints you have verified. If you want to send test requests, you can do so to this endpoint: https://api.redoxengine.com/endpoint.

Canada URL

If you're operating in Canada, you must tweak the Redox hostname slightly. All you need to do is add a ca in that URL like this: https://api.ca.redoxengine.com.

Every request via the Data Model API must contain the following headers and body parameters.

Header
Value
Description
Authentication
Bearers `your-authToken`
Required for authenticating your request.
Content-Type
application/json
Enter this value for Data Model API calls.
Parameter
Type
Description
Meta.DataModel
String
The data model corresponding to the type of data you are sending or requesting.
Meta.EventType
String
The event type of the data model that you are sending or requesting.
Meta.Destinations[].ID
String array
Objects with ID value(s) of the endpoint(s) you are sending data to or the endpoint you're requesting data from.

Other required parameters

Each data model has different requirements for parameters. Explore each data model and their respective required parameters.

A request should generally look like this:

Refreshing your access token

You can use the refresh token returned from the most recent authentication request to retrieve a new access token via the refresh token endpoint:

The object returned for a successful response is the same as that for the original access token retrieval request noted above.

Generating a new secret value

If your API key or secret value are exposed for any reason, you must generate a new secret value for the relevant API key. Learn how to generate a new secret value.