Authentication
Every Sigma App has an App ID and an App Secret which are used to obtain Org Access Tokens which can be used to authenticate requests on behalf of Sigma Orgs.
App IDs and App Secrets
Please reach out to [email protected] to create an App and get its App ID and App Secret.
Your App ID can be shared freely, but you should always store your App Secret securely and secretly, only on your own servers and never in a client app.
If your App Secret ever becomes public please reach out to [email protected] for help deactivating and replacing it.
API Keys
Every App has an API Key formed by base-64 encoding the concatenation of your App ID, ":", and your App Secret:
apiKey = base64(appId + ":" + appSecret)
To authenticate your requests as an App, send an Authentication
header with the concatenation of the word "Basic", a space, and your API key:
curl -H "Authorization: Basic {apiKey}" https://api.sig.ma/v2/example/endpoint
The popular cURL tool has built-in support for Basic HTTP authentication, handling the "Basic " prefix and base-64 encoding for you.
curl --user {appId}:{appSecret} https://api.sig.ma/v2/example/endpoint
Authenticating on Behalf of an Org
Almost all requests to the Sigma API are done on behalf of a specific Org rather than a general App.
Apps can always make requests on behalf of the Org that created them. They can also authenticate on behalf of other Orgs that have granted the App special permissions by "Linking" with the App.
To authenticate on behalf of an Org, the App must request a short-lived Org Access Token. Org Acce
> curl -X POST --user {appId}:{appSecret} https://api.sig.ma/v2/orgs/{orgId}/access
{ "orgAccessToken": "{orgAccessToken}" }
Next, the App can make requests on behalf of the Org using the Org Access Token as a "bearer" token:
curl -H "Authorization: Bearer {orgAccessToken}" https://api.sig.ma/v2/example/endpoint
Acting on Behalf of Third-Party Orgs
|n order for your Org to act on behalf of third-party Orgs (ones other than your own), you'll need to ask Sigma Members to "link" your App. You can learn how to do that in our Linking with Orgs guide.
Access Member Profiles and Merits
In order for your App to access Sigma Members' Merits and profiles on behalf of an Org you'll need to ask them to "Login with Sigma". You can learn how to do that in our Login with Sigma guide.
Updated over 5 years ago