Application and User Keys
Using the Gigya API with an Application or User Key
REST requests should be made using an application key and application secret. This is true also for requests made by third parties. Alternatively, you can use a user key and secret. These are subject to the user key's permissions and are logged for auditing purposes.
When you pass a request across HTTPS, include the site's API Key and the application key and secret (or user key and secret). For example:
All calls should be made over HTTPS.
For more information about user keys, including instructions for finding your user key in the Gigya Console, see Using the User Key.
Creating an Application Key
You can create multiple applications, each with its own permissions, and give groups of users access to these various applications. Each application has a userKey and secret that is used when making REST calls to Gigya API Endpoints.
Another benefit of using a userKey and secret is that the user does not have to construct or check signatures, as all requests are conducted over HTTPS.
To manage your Gigya Applications:
- Login to your Gigya Console.
- Navigate to the Admin tab.
- Select Applications.
- Once on the Applications page, press Create New Application and follow the on-screen prompts.
- Once the app is created you can view the Apps userKey and secret by clicking the Edit icon, which will take you to the apps Edit Application page.
- You can disseminate this userKey and secret to users whom you want to attain the privileges associated with this app. Users will use this userKey and replace the secret parameter in the request with the secret associated to this key.
- If at any time you want to revoke access for users using this Application, simply delete it from your account and all future attempts to use this userKey and secret will fail.
curl Code Example
In the above example, the secret is the secret associated with the userKey, not the account secret located in the Gigya Dashboard.