Authentication

The Riipen API is authenticated through the use of API keys.

API keys are made up of two parts:

• Public keys - prefixed with pk_, which are used to identify you publicly. This key does not need to be kept secret.
• Secret keys - prefixed with sk_, which are used to make authenticated API calls and access resources. Make sure you keep these keys secret and secure. Do not store them in version control of use them in any client facing code.

To obtain an API key, log in to your account on app.riipen.com and:

1. Click "Settings" in the main menu for either your portal or company
2. Click "Keys" under the "Advanced" group

From here you can create a new, or manage existing keys.

All API request must be made over HTTPS and must use one of these two authentication mechanisms:

• HTTP "Basic" authentication

curl https://api.riipen.com/api/v1/companies -u $SECRET_KEY:

Note that the password component of the basic authentication is left blank.

• HTTP "Bearer" authentication

curl https://api.riipen.com/api/v1/companies -H "Authorization: Bearer $SECRET_KEY"

Authorization

API keys can be used from two types of entities:

• Portal
• Company

When you use the API, you will be authorized to take any action an administrator would take for your entity.

Riipen does not support API scopes at this time.