Authentication

All endpoints in the Registry API require authentication using API keys. If omitted, the API will reject the request and instead return an HTTP 401 Unauthorized response.

The API keys required for API usage can be generated through the MyPuro Portal API Access page.

The API is primarily for machine-to-machine data importing use-cases, and for everyday use we recommend using the Public Registry.

Unlike MyPuro API's access rights, there's no granular access rights required for the Registry API. All endpoints are available for use with a MyPuro Portal generated API key.

Generating API Keys

The API keys can be obtained and managed through the MyPuro Portal using the API Access page.

info

API keys have an expiration date, which can be configured when creating the API keys. Therefore, you will need to rotate your keys before they expire.

Authenticating with an API key

After generating an API key, you can use the API key and secret pair as you would use the HTTP "Basic" authentication credentials, as defined in RFC7617.

The following snippets outlines how such request could look like:

curl -X 'GET' \
  'https://uat.puro.earth/Registry/api/account-holders' \
  -H 'accept: application/json' \
  -H 'Authorization: Basic YXBpX2tleTphcGlfc2VjcmV0Cg=='

The Authorization header's token value can be formed in following way: base64_encode('api_key:api_secret').

# Bash
> echo 'api_key:api_secret' | base64
YXBpX2tleTphcGlfc2VjcmV0Cg==

Generating API Keys​

Authenticating with an API key​

Generating API Keys

Authenticating with an API key