# API keys and authentication

The OpenGate API is enabled by default on all accounts. You don’t have to do anything to turn on this feature. However, API keys are used to control access to the resources via the API. When a third-party application asks for your API key, you can find it on your My info page by clicking the “Show your API keys” link.

The OpenGate API allows device to communicate with OpenGate.

The API keys can be sent using one of two methods: as a request header or as a parameter in the request URL (with the former preferred for security reasons).

  • Using an HTTP header: This is the recommended method of sending your API key because, whilst still not secure if sent over an unencrypted connection, it is less likely to be logged as part of the URL:

    X-ApiKey: YOUR_API_KEY_HERE
    

    API Key in HTTP Header example

    POST /south/v80/devices/{device.id}/collect/dmm
    Host: [your_opengate_address]
    X-ApiKey: YOUR_API_KEY_HERE
    
  • As a request parameter:

    Table 1. South API Key as Url Parameter

    Parameter Name Value
    X-ApiKey YOUR_API_KEY_HERE
    http://[your_opengate_address]/south/v80/devices/{device.id}/collect/dmm?X-ApiKey=YOUR_API_KEY_HERE
    

    API Key as URL Parameter Example

    POST /south/v80/devices/{device.id}/collect/dmm?X-ApiKey=YOUR_API_KEY_HERE
    Host: [your_opengate_address]