Skip to main content

Authentication

Intro

When calling the Seats.io API, you need to authenticate yourself. To do so, you must include a secret API key in the request.

That secret key can be either

  • A secret workspace key, which allows you to make requests that operate within a workspace (e.g. booking a seat in that workspace).
  • Or: your company admin key, which grants you permission to make any request (e.g. retrieving the usage report or listing all workspaces in production).
  • Or: a sandbox admin key, which grants you permission to make any request within a sandbox (e.g. listing the workspaces for that sandbox).
Your secret keys carry many privileges, so it's very important to keep them to yourself!
  • Never push a secret key to public repositories on GitHub, BitBucket or the likes.
  • Never call the Seats.io API from the client's browser (e.g. using fetch()), as this will require you to publicly expose your secret key.

Authentication to the API is performed via HTTP Basic Auth. You should provide the secret key as the username value. You do not need to provide a password, and if you do, we'll ignore it.

Our server-side SDKs take care of HTTP Basic Auth under the hood.

Examples

use Seatsio\Region;
use Seatsio\SeatsioClient;

// for calls within a workspace (e.g. booking a seat)
$client = new SeatsioClient(Region::EU(), <WORKSPACE SECRET KEY>);

// for calls not specific to a workspace (e.g. listing all workspaces)
$client = new SeatsioClient(Region::EU(), <COMPANY ADMIN KEY OR SANDBOX ADMIN KEY>);

// for calls within a workspace (e.g. booking a seat)
// AND calls not specific to a workspace (e.g. listing all workspaces)
$client = new SeatsioClient(Region::EU(), <COMPANY ADMIN KEY OR SANDBOX ADMIN KEY>, <WORKSPACE PUBLIC KEY>);

Raw HTTP

When doing raw HTTP calls, you need to set a header called "Authorization". It's value should be “Basic x”, where x is your secret key with a colon, base64 encoded.

StepsExample
1. Take your workspace secret key, company admin key or sandbox admin key550e8400-e29b-41d4-a716-446655440000
2. Append a colon (:)550e8400-e29b-41d4-a716-446655440000:
3. Base64-encode itNTUwZTg0MDAtZTI5Yi00MWQ0LWE3MTYtNDQ2NjU1NDQwMDAwOg==
4. Put it in an Authorization headerAuthorization: Basic NTUwZTg0MDAtZTI5Yi00MWQ0LWE3MTYtNDQ2NjU1NDQwMDAwOg==
curl https://api-{region}.seatsio.net/charts -H "Authorization: Basic NTUwZTg0MDAtZTI5Yi00MWQ0LWE3MTYtNDQ2NjU1NDQwMDAwOg=="

Using the company admin key or sandbox admin key

When using the company admin key or sandbox admin key, you can specify the workspace the request applies to. To do so, pass in the X-Workspace-Key header. That header should contain the public workspace key.

If you don't provide the X-Workspace-Key header, API calls with the company or sandbox admin key operate on the default workspace for your production environment or sandbox.

curl -u 550e8400-e29b-41d4-a716-446655440000: -H "X-Workspace-Key: c49fe901-c35b-4d5a-a0cf-2b4c6124738b" https://api-{region}.seatsio.net/charts