Authentication

To interact with the Kigo API, a partner must authenticate their requests using session tokens. The Kigo API employs multiple levels of session tokens. This guide describes how to obtain a partner-level API session token, how to use it in requests, and important considerations regarding token expiration and renewal.

Prerequisites

Before interacting with the Kigo API, ensure you have:

  • API Key: A secret key provided by Kigo.
  • Partner ID: A unique identifier associated with the partner organization.

A partner can obtain these values from their primary contacts at Kigo.

Steps to Implement

The first step in authenticating with the Kigo API is obtaining a partner-level session token. This token is required for making API calls to endpoints that require partner-level authorization.

  1. Creating a Partner Level Session Token

    • Endpoint: Create an API session token.
    • Purpose: This token authorizes access to other API endpoints within the Kigo API.
    • Token Expiration: The partner-level session token is valid for 30 minutes. After expiration, a new token will need to be created.
    • Usage: Include this token in the Authorization header when making API requests to endpoints that require partner-level authorization, such as creating a user-level session token.
  2. Using the Partner-Level Session Token

    • Header Example:
      Authorization: Bearer partner-level-session-token
      

Key Considerations

  1. Handling Token Expiration: Partner-level session tokens expire after 30 minutes. To maintain uninterrupted access to the API:
    • Token Renewal: Before or when a token expires, generate a new one using the same process as initially obtaining it. Automating this process in the application can help avoid any disruption.
    • Error Handling: If a token expires and an API call is made with it, the API will return an authentication error. Partner servers should handle this error gracefully, possibly by automatically requesting a new token and retrying the request.

Example Workflow

  1. Start by obtaining a partner-level session token using the provided endpoint.
  2. Include the partner-level token in API requests to authenticate and authorize access to partner-specific resources.
  3. Monitor token expiration and renew tokens as needed to ensure continuous API access.
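
The workflow above as an added example, not part of the original Kigo guide: a server-side token cache that renews the partner-level token shortly before its 30-minute lifetime ends and retries a request once after an authentication error. `create_token` and `send` are hypothetical callables wrapping your own HTTPS client; the 60-second renewal margin and the use of HTTP 401 for the authentication error are assumptions.

```python
import threading
import time

TOKEN_TTL_SECONDS = 30 * 60    # partner-level token lifetime stated in this guide
RENEW_MARGIN_SECONDS = 60      # assumption: renew one minute before expiry
AUTH_ERROR_STATUS = 401        # assumption: status used for the authentication error


class PartnerSession:
    """Caches a partner-level session token on the server and renews it."""

    def __init__(self, create_token, clock=time.monotonic):
        # create_token: hypothetical callable that calls the "Create an API
        # session token" endpoint over HTTPS and returns the token string.
        self._create_token = create_token
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._issued_at = 0.0

    def token(self, force=False):
        """Return a valid token, creating a new one if missing, stale or forced."""
        with self._lock:
            age = self._clock() - self._issued_at
            stale = age >= TOKEN_TTL_SECONDS - RENEW_MARGIN_SECONDS
            if force or self._token is None or stale:
                self._token = self._create_token()
                self._issued_at = self._clock()
            return self._token

    def call(self, send):
        """Run send(headers) -> (status, body); renew and retry once on auth error."""
        for attempt in range(2):   # at most one retry, so a bad key cannot loop forever
            renew = attempt == 1   # second attempt always uses a fresh token
            headers = {"Authorization": f"Bearer {self.token(force=renew)}"}
            status, body = send(headers)
            if status != AUTH_ERROR_STATUS:
                break
        return status, body
```

If the retry also fails with an authentication error, `call` returns that response so the caller can log it and check the API Key and Partner ID instead of requesting tokens in a loop.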

Best Practices for Authorization

  • Secure Storage: Store the API Key, Partner ID, and session tokens securely. Avoid hardcoding these credentials in application code. Use environment variables or secure vaults. Also avoid passing the partner-level session token to front-end clients. This access level to the Kigo API should be restricted to controlled environments.
  • HTTPS Only: Always make API requests over HTTPS to ensure that tokens and other sensitive data are encrypted in transit.