https://www.ory.sh/ logo
Join Slack
Powered by
<@U04UQ68083H> How do I authenticate my API reques...
# ory-copilot
b
@chilly-king-10285 How do I authenticate my API request to our Ory Network application? Do I need to make an API key? We're attemping to hit /admin/identities/{flow}
c
A message from kapa.ai
New message text here
b
Can we do it with the query string? @chilly-king-10285
c
A message from kapa.ai
Based on the provided extracts, there's no mention of using an API Key in the query string for authentication. The standard and secure way to use an API Key for authentication in Ory is to include it in the 
Authorization
header of your HTTP requests. Here's an example:
Copy code
bash GET /admin/identities HTTP/1.1   Host: {{project.slug}}.<http://projects.oryapis.com|projects.oryapis.com>   Accept: application/json   Authorization: Bearer {{API-Key}}
Replace 
{{API-Key}}
with your actual API Key. Including sensitive information like API Keys in the query string is generally not recommended due to security concerns. It's best to follow the recommended practices for using API Keys in Ory. For more information, you can refer to the [Authorization with API Keys](https://www.ory.sh/docs/concepts/personal-access-token) documentation. Sources: - [Authorization with API Keys](https://www.ory.sh/docs/concepts/personal-access-token) - [Ory APIs](https://www.ory.sh/docs/getting-started/local-development#ory-apis)
b
But will it work? @chilly-king-10285
c
A message from kapa.ai
Based on the provided extracts, it's not recommended or specified to use the API Key in the query string for authentication. The standard and secure way to use an API Key for authentication in Ory is to include it in the 
Authorization
header of your HTTP requests. While some APIs may allow authentication via query parameters, it's generally considered less secure and not a best practice. Query parameters are often logged in various places, cached, and can be exposed in the browser history, which can lead to potential security risks. Therefore, even if it technically works, it's not recommended due to the security implications. Always follow the recommended practices for using API Keys in Ory, which is to include them in the 
Authorization
header. For more information, you can refer to the [Authorization with API Keys](https://www.ory.sh/docs/concepts/personal-access-token) documentation. Sources: - [Authorization with API Keys](https://www.ory.sh/docs/concepts/personal-access-token) - [Ory APIs](https://www.ory.sh/docs/getting-started/local-development#ory-apis)
3 Views
Open in Slack
PreviousNext
Powered by