Authentication
The Thought Industries API uses secure authentication methods to protect your content and data.
Authentication Methods
API Key Authentication
The simplest authentication method: send your API key as a bearer token in the Authorization header.
Header Format:
Authorization: Bearer YOUR_API_KEY
Example:
curl -X GET \
  https://{your-instance-url}/incoming/v2/courses/structure \
  -H 'Authorization: Bearer YOUR_API_KEY'
OAuth 2.0
For more complex integrations, OAuth 2.0 provides a secure, token-based authentication flow.
Steps:
- Register your application
- Obtain authorization
- Exchange code for access token
- Use access token in requests
Obtaining API Keys
- Log into your Thought Industries admin panel
- Navigate to Settings > API Access
- Generate a new API key
- Store the key securely (it won't be shown again)
Security Best Practices
Caution: never expose your API keys in:
- Client-side code
- Public repositories
- Browser console
- Error messages
Best Practices:
- Store keys in environment variables
- Use separate keys for development and production
- Rotate keys regularly
- Implement proper error handling
- Monitor API usage for anomalies
Key Management
- Rotation: Rotate keys every 90 days
- Revocation: Immediately revoke compromised keys
- Scope: Use the minimum required permissions
- Monitoring: Track API key usage and patterns
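The following is an added example, not code from Thought Industries. It shows the practices above working together: the key is read from an environment variable, the 90-day rotation check is applied, and 401/403 responses are turned into errors that name the causes listed under Troubleshooting without ever echoing the key. The variable name TI_API_KEY and all function names are assumptions made for this example.

```python
import os
import urllib.error
import urllib.request
from datetime import date, timedelta

ENV_VAR = "TI_API_KEY"             # assumed variable name, not defined by the page
MAX_KEY_AGE = timedelta(days=90)   # rotation interval from the Key Management list

# Causes the Troubleshooting section lists for each status code.
CAUSES = {
    401: "invalid API key, expired token, or missing Authorization header",
    403: "insufficient permissions, missing scope, or account restrictions",
}


class AuthError(Exception):
    """Authentication failure; the message never contains the key."""


def load_key(environ=os.environ):
    """Read the key from the environment instead of hard-coding it."""
    key = environ.get(ENV_VAR, "").strip()
    if not key:
        raise AuthError(f"{ENV_VAR} is not set")
    return key


def rotation_due(issued, today=None):
    """True once the key is 90 or more days old (issue date tracked by caller)."""
    return (today or date.today()) - issued >= MAX_KEY_AGE


def redact(text, key):
    """Scrub the key from any text headed for logs or error output."""
    return text.replace(key, "[REDACTED]")


def get(url, key, opener=urllib.request.urlopen):
    """GET url with the bearer header; 401/403 become key-free AuthErrors."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {key}"})
    try:
        with opener(req, timeout=10) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        if err.code not in CAUSES:
            raise
        # from None: do not chain the original exception into the report.
        raise AuthError(f"{err.code} from {redact(url, key)}: {CAUSES[err.code]}") from None
```

Call get() with your instance URL and the value returned by load_key(); the opener parameter exists only so the request can be replaced with a stub in tests.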
Troubleshooting
Common Authentication Errors
401 Unauthorized
- Invalid API key
- Expired token
- Missing Authorization header
403 Forbidden
- Insufficient permissions
- API key doesn't have required scope
- Account restrictions
Rate Limiting
- See Rate Limits & Bulk Processing for details