HomeGuidesAPI Reference
These docs are for v2.0. Click to read the latest docs for v2.1.

Authentication

Every Sigma App has an App ID and an App Secret which are used to obtain Org Access Tokens which can be used to authenticate requests on behalf of Sigma Orgs.

Suggest Edits

App IDs and App Secrets

Please reach out to [email protected] to create an App and get its App ID and App Secret.

Your App ID can be shared freely, but you should always store your App Secret securely and secretly, only on your own servers and never in a client app.

❗️

If your App Secret ever becomes public please reach out to [email protected] for help deactivating and replacing it.

API Keys

Every App has an API Key formed by base-64 encoding the concatenation of your App ID, ":", and your App Secret:

apiKey = base64(appId + ":" + appSecret)

To authenticate your requests as an App, send an Authentication header with the concatenation of the word "Basic", a space, and your API key:

curl -H "Authorization: Basic {apiKey}" https://api.sig.ma/v2/example/endpoint

The popular cURL tool has built-in support for Basic HTTP authentication, handling the "Basic " prefix and base-64 encoding for you.

curl --user {appId}:{appSecret} https://api.sig.ma/v2/example/endpoint

Authenticating on Behalf of an Org

Almost all requests to the Sigma API are done on behalf of a specific Org rather than a general App.

Apps can always make requests on behalf of the Org that created them. They can also authenticate on behalf of other Orgs that have granted the App special permissions by "Linking" with the App.

To authenticate on behalf of an Org, the App must request a short-lived Org Access Token. Org Acce

> curl -X POST --user {appId}:{appSecret} https://api.sig.ma/v2/orgs/{orgId}/access
{ "orgAccessToken": "{orgAccessToken}" }

Next, the App can make requests on behalf of the Org using the Org Access Token as a "bearer" token:

curl -H "Authorization: Bearer {orgAccessToken}" https://api.sig.ma/v2/example/endpoint

Acting on Behalf of Third-Party Orgs

|n order for your Org to act on behalf of third-party Orgs (ones other than your own), you'll need to ask Sigma Members to "link" your App. You can learn how to do that in our Linking with Orgs guide.

Access Member Profiles and Merits

In order for your App to access Sigma Members' Merits and profiles on behalf of an Org you'll need to ask them to "Login with Sigma". You can learn how to do that in our Login with Sigma guide.

Updated over 5 years ago