All API requests must authorized with a valid API Key and a valid OAuth2 Bearer token.
Both your API Key and OAuth2 tokens are created user your account at https://signatu.com or using standard OAuth2 flows (see OAuth).
If you need help creating an access token please contact support@signatu.com.
Access tokens must be granted access to scope consent.
x-api-key HTTP headerAll requests must contain the x-api-key header. The API Key is used to identify your account and associated account limits. Note that while x-api-key is not used to authorize access to the API (see Authorization below) you should not distribute your API Key.
Authorization HTTP headerYou can authorize HTTP requests using the Authorization http header. The API expects
a Bearer token, meaning that any client presenting the token is treated as authorized. You can create tokens in your Signatu account, or use standard OAuth2 Client Credentials Grant flow (see RFC 6749).
The Authorization HTTP header is set. The token is a Bearer token, meaning any client with the token available can access the Policies associated with the user account. The token should hence be kept secret.
$ curl https://api.signatu.com/consent/v0/consents -H 'Authorization: Bearer dqwoiuoi98324IUIUWECVOH' -H 'x-api-key: 12908347192749238798'
* Connected to localhost (api.signatu.com) (#0)
> GET /consent/api/v0/... HTTP/1.1
> Host: signatu.com
> x-api-key: 12908347192749238798
> Authorization: Bearer dqwoiuoi98324IUIUWECVOH