Authenticating with the API

Every call to the Spottingmode API needs to be authenticated to ensure only calls coming from signed up users are completed. Currently there are two methods of authenticating a call, while a third option is under development.

API key authentication

All current API methods support the API key authentication. This method requires that the API key is part of the url as a GET parameter. The Spottingmode API will read out the key, check it against the stored keys and decide whether or not the call can be completed.

Every signed up user has an API key assigned (along with an API secret). You can find the API key on your API user dashboard.

Make sure you never share your API key with anyone else. With the API key, other users could abuse your authorization to use the Spottingmode API. If such abuse is detected the API key will be removed from the system and your access to the Spottingmode API will be revoked.

In browser log in

Most methods in the Spottingmode API will be called from another webserver and will require the above mentioned API key authentication. Some calls however, can be called directly from the browser. For example the calls that return a csv file for download and upload to Google maps. If these calls are indeed made from the browser, then the API is able to check for the log in cookie and can authenticate the call based on the user that is logged in. An API key does not have to be given in that case. If both a user is logged in and an API key is given, then the API key takes precedence. The API key will in that case be used to authenticate the call and the logged user info will be ignored.

End user authentication (under development)

The third authentication method is still under development and currently not in use for any methods. This method will require end user authentication and authorization through the Oauth protocol. More information will be published once methods become active that use this authentication method.