API Authentication
The Samvyo API uses a token-based authentication system. Before making any API calls, you need to generate an authentication token using your access keys.
Prerequisites
- Generate Access Keys: First, you need to generate your access keys from the Samvyo dashboard:
- Log in to your Samvyo dashboard (opens in a new tab)
- Navigate to Settings → API Keys section
- Generate your
accessKeyandsecretAccessKey
Getting Authentication Token
Endpoint
POSThttps://api.samvyo.com/api/siteSetting/getAuthToken
Request Body
{
"accessKey": "your-access-key-here",
"secretAccessKey": "your-secret-access-key-here"
}Example Request
const response = await fetch('https://api.samvyo.com/siteSetting/getAuthToken', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
accessKey: 'f4dbf056-64e0-46ff-bbeb-9fe9b-2-1',
secretAccessKey: 'e1ee50fca580e8c7827ebee4ccba10782'
})
});
const data = await response.json();Success Response
{
"authToken": {
"ok": true,
"message": "Auth token generated successfully",
"token": <your-auth-token>
}
}Error Response
{
"authToken": {
"ok": false,
"message": "Invalid access key or secret access key"
}
}Using the Authentication Token
Once you have the authentication token, you need to include it in the Authorization header of all subsequent API requests:
const headers = {
'Content-Type': 'application/json',
'Authorization': `Bearer ${authToken}`
};Token Expiration
The authentication token has an expiration time of 1 hour. When the token expires, you'll need to generate a new one using the same process.
Security Best Practices
- Keep your access keys secure: Never expose your
accessKeyandsecretAccessKeyin client-side code - Store tokens securely: Store the authentication token securely and refresh it before expiration
- Use HTTPS: Always make API calls over HTTPS
- Rotate keys regularly: Regularly rotate your access keys for better security