All API calls are subject to authentication. In order to invoke the AlisQI API endpoints, developers need to create an authentication token.
Authentication tokens
The API supports the Bearer authentication specification.
Bearer Authentication is a token-based authentication scheme used to secure API endpoints. This method allows clients to provide a token with their requests to authenticate and gain access to protected resources.
Each token is connected to a single user as defined in the AlisQI in-app user lists. The Read, Insert and Update permissions this user has for analysis sets (via its user group) also apply to API invocations. More information is available in the AlisQI documentation on user and permission management.
API authentication tokens can be created in the in-app integration hub.
We recommend using dedicated tokens per integration scenario.
Authorization Header
The recommended way to provide the bearer token is through the HTTP Authorization header. This method is preferred due to its security and standardization.
Benefits of Using the Authorization Header
- Tokens are not exposed in URLs, reducing the risk of accidental leaks (e.g., through browser history or server logs).
- It follows a widely accepted convention for sending tokens in HTTP requests.
Example
curl --request GET \
--url 'your api endpoint' \
--header 'accept: application/json' \
--header 'authorization: Bearer abc...123'
Alternative Method: Using the Token in the URL
As an alternative, the token can also be included as a query parameter in the URL. This method is less secure but may be necessary in certain scenarios where modifying headers is not feasible.
Example
https://url&access_token=abc...123
Drawbacks of Using the URL
- Tokens in URLs can be exposed in browser history, server logs, and referrer headers.
- Some browsers and servers have limitations on URL length, which can cause issues with longer tokens.
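For integrations that currently build URLs with the token in the query string, the following added example (not AlisQI code) moves an access_token parameter into the Authorization header before the request is sent, and masks tokens in log lines. The host, path, other query parameters and token value are constructed placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_PARAM = "access_token"  # query parameter name shown on this page

def move_token_to_header(url, headers=None):
    """Return (clean_url, headers) with any access_token moved from the
    query string into an 'Authorization: Bearer' header."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = {v for k, v in pairs if k == TOKEN_PARAM}
    kept = [(k, v) for k, v in pairs if k != TOKEN_PARAM]
    headers = dict(headers or {})
    if len(tokens) > 1:
        raise ValueError("URL carries conflicting access_token values")
    if tokens:
        value = "Bearer " + tokens.pop()
        # Refuse to silently override a different credential already set.
        if headers.get("Authorization", value) != value:
            raise ValueError("URL token differs from Authorization header")
        headers["Authorization"] = value
    clean_url = urlunsplit(parts._replace(query=urlencode(kept)))
    return clean_url, headers

# Matches the token in either form so it can be masked before logging.
_SECRET = re.compile(
    r"(?i)(\baccess_token=|\bauthorization:\s*bearer\s+)[^\s&\"']+")

def redact(line):
    """Mask bearer tokens in a log line, keeping the rest for debugging."""
    return _SECRET.sub(lambda m: m.group(1) + "[REDACTED]", line)

if __name__ == "__main__":
    # Constructed sample: placeholder host, path, parameters and token.
    sample = ("https://example.invalid/api/data?setId=12"
              "&access_token=constructed-token-123&limit=5")
    url, hdrs = move_token_to_header(sample, {"Accept": "application/json"})
    print(url)
    print(redact(f"authorization: {hdrs['Authorization']}"))
    print(redact("GET " + sample + " HTTP/1.1"))
```

Pass the returned URL and headers to whichever HTTP client the integration uses, and run redact over any request line or header that is written to a log.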