HomeGuidesAPI Reference

Authentication

Every Merit App has an App ID and an App Secret which are used to obtain Org Access Tokens which can be used to authenticate requests on behalf of Merit Orgs.

Suggest Edits

Once you have your App Key and App Secret you're good to go. Follow the steps below to properly authenticate your API calls, if you didn't get your Key yet, follow the checklist in the Quick Start

❗️

KEEP IT SECRET

If your App Secret ever becomes public please reach out to [email protected] for help deactivating and replacing it.

API Keys

Every App has an API Key formed by base-64 encoding the concatenation of your App ID, ":", and your App Secret:

apiKey = base64(appId + ":" + appSecret)

To authenticate your requests as an App, send an Authentication header with the concatenation of the word "Basic", a space, and your API key:

curl -H "Authorization: Basic {apiKey}" https://api.merits.com/v2/example/endpoint

The popular cURL tool has built-in support for Basic HTTP authentication, handling the "Basic " prefix and base-64 encoding for you.

curl --user {appId}:{appSecret} https://api.merits.com/v2/example/endpoint

Authenticating on Behalf of an Organization

Almost all requests to the Merit API are done on behalf of a specific Organization rather than a general App.

Apps can always make requests on behalf of the Organization that created them. They can also authenticate on behalf of other Organizations that have granted the App special permissions by "Linking" with the App.

To authenticate on behalf of an Organization, the App must request a short-lived Org Access Token.

> curl -X POST --user {appId}:{appSecret} https://api.merits.com/v2/orgs/{orgId}/access
{ "orgAccessToken": "{orgAccessToken}" }

Next, the App can make requests on behalf of the Organization using the Org Access Token as a "bearer" token:

curl -H "Authorization: Bearer {orgAccessToken}" https://api.merits.com/v2/example/endpoint

Acting on Behalf of Third-Party Organizations

|n order for your Organization to act on behalf of third-party Organizations (ones other than your own), you'll need to ask Merit Members to "link" your App. You can learn how to do that in our Linking with Orgs.

Access Member Profiles and Merits

In order for your App to access Merit Members' Merits and profiles on behalf of an Organization you'll need to ask them to "Login with Merit". You can learn how to do that in our Login with Merit guide.

Updated almost 5 years ago