Skip to main content

Authentication

Intro

When calling the seats.io API, you need to authenticate yourself. To do so, you must include a secret API key in the request.

That secret key can be either

  • your company admin key, which grants you permission to make any request, across workspaces (e.g. listing all workspaces).
  • or: a secret workspace key, which allows you to make requests that operate within a workspace (e.g. booking a seat in that workspace).
Your secret keys carry many privileges, so it's very important to keep them to yourself!
  • Never push a secret key to public repositories on GitHub, BitBucket or the likes.
  • Never call the seats.io API from the client's browser (e.g. using $.ajax), as this will require you to publicly expose your secret key.

Authentication to the API is performed via HTTP Basic Auth. You should provide the secret key as the username value. You do not need to provide a password, and if you do, we'll ignore it.

Our server-side SDKs take care of HTTP Basic Auth under the hood.

Examples

use Seatsio\Region;
use Seatsio\SeatsioClient;

// for calls within a workspace (e.g. booking a seat)
$client = new SeatsioClient(Region::EU(), <WORKSPACE SECRET KEY>);

// for calls not specific to a workspace (e.g. listing all workspaces)
$client = new SeatsioClient(Region::EU(), <COMPANY ADMIN KEY>);

// for calls within a workspace (e.g. booking a seat)
// AND calls not specific to a workspace (e.g. listing all workspaces)
$client = new SeatsioClient(Region::EU(), <COMPANY ADMIN KEY>, <WORKSPACE PUBLIC KEY>);

Raw HTTP

When doing raw HTTP calls, you need to set a header called "Authorization". It's value should be “Basic x”, where x is your secret key with a colon, base64 encoded.

So:

StepsExample
1. Take your workspace secret key or company admin key550e8400-e29b-41d4-a716-446655440000
2. append a colon (:)550e8400-e29b-41d4-a716-446655440000:
3. base64-encode itNTUwZTg0MDAtZTI5Yi00MWQ0LWE3MTYtNDQ2NjU1NDQwMDAwOg==
4. put it in an Authorization headerAuthorization: Basic NTUwZTg0MDAtZTI5Yi00MWQ0LWE3MTYtNDQ2NjU1NDQwMDAwOg==
curl https://api-{region}.seatsio.net/charts -H "Authorization: Basic NTUwZTg0MDAtZTI5Yi00MWQ0LWE3MTYtNDQ2NjU1NDQwMDAwOg=="

Using the company admin key

When using the company admin key, you can specify the workspace the request applies to. To do so, pass in the X-Workspace-Key header. That header should contain the public workspace key.

If you don't provide the X-Workspace-Key header, API calls with the company admin key operate on the default workspace for your company.

curl -u 550e8400-e29b-41d4-a716-446655440000: -H "X-Workspace-Key: c49fe901-c35b-4d5a-a0cf-2b4c6124738b" https://api-{region}.seatsio.net/charts