Authentication to Aurora Solar's API is granted through API keys (bearer tokens). An Admin user for your tenant can create, retrieve, and, if necessary, rotate the keys using the API Tokens screen in Aurora.
Aurora currently supports two types of API keys:
A Standard Key grants access to all API actions for a single tenant. This type of key is intended for general usage when building your integration.
A tenant may only have one standard key.
We strongly recommend against sharing Standard Keys outside of your organization. See Restricted Keys for a more secure alternative.
Restricted Keys grant access to only a specified subset of API actions for a single tenant (ex. only List and Retrieve Projects). If you want to grant micro-services (internal or third-party) access to your data, consider using restricted keys to reduce the risk of unintended data sharing. We highly recommend creating a separate restricted key for each third-party. This gives you more granular control over the third-party's access and allows Aurora to individually audit activity on each key.
You can further scope restricted key access to specific projects by using tags. See Project-based Tags for more information.
A tenant may have multiple restricted keys with varying levels of access.
Note that restricted keys will be created in the latest version of the API (2022.09).
In order to authenticate a request using Bearer Token auth, you need to pass the API key through the Authorization header and also prefix the entire key with Bearer. For example, an authenticated curl request would include the following:
-H "Authorization: Bearer sk_prod_LXknKczQYkniVtMpRYs8wJgk"
Our bearer tokens have a meaningful prefix to help with key management. The prefix consists of:
- The type of key:
sk_: A "Standard Key"
rk_: A "Restricted Key"
- The environment:
sand_: The key grants access to the sandbox environment.
prod_: The key grants access to the production environment.
For example, a key that grants access to all API actions for a single tenant on production would look like