Authentication

All endpoints in the MyPuro API require authentication using API keys. If omitted, the API will reject the request and instead return an HTTP 401 Unauthorized response.

The API keys required for API usage can be generated through the MyPuro Portal API management pages.

The API is primarily for machine-to-machine use-cases, and we recommend using the MyPuro Portal for everyday use with Azure AD B2C accounts which are tied to a specific user.

The API key will have the access rights which are specifically enabled in the MyPuro Portal for API use. Read the next section on Access sharing for more details.

Generating API Keys

The API keys can be obtained and managed through the MyPuro Portal using the API management pages.

info

API keys will have get an expiration date, currently configured to be one year after creation. Therefore, you will need to rotate your keys before they expire.

Authenticating with an API key

After generating an API key, you can use the API key and secret pair as you would use the HTTP "Basic" authentication credentials, as defined in RFC7617.

The following snippets outlines how such request could look like:

curl -X 'GET' \
  'https://uat.puro.earth/mypuro/api/account-holders' \
  -H 'accept: application/json' \
  -H 'Authorization: Basic Y2xieHluaWxyMDAwMGVveGQzY2o0Y3gzdjozYjg4MWJiOC0zYjk0LTQ5N2YtYjFkNS00NzEzZTRhZmRhMzU='

Generating API Keys​

Authenticating with an API key​

Generating API Keys

Authenticating with an API key