API Reference

Authentication and Authorization

Securing access to your data

Authentication

Basics

To use Slick, you need at least a client-id and a client-secret. You can pass this client-secret as a header parameter called x-api-key or api-key depending on the API version you are on. Documentation will guide you on this.

Each Slick customer is considered a Provider and we issue a provider id once for your account. You'll get access to your customer portal as part of the onboarding process.

We will also provision a client-id and client-secret at sign up and you can generate other keys as needed via our portal.

Supported Methods

Slick supports both API Key and Bearer authentication.

Authorization

Accessing data

Authorization to your data is governed by any valid client-id and client-secret issued to your account. You can then exchange these for an Access Token via the /token endpoint.

Permissions

All data can be read and written using this key. We are yet to find a use-case for providing limited permission to an API-key. However if there is a compelling use-case, we will look to provide permission control using OAuth Scopes.

Later

Further to permissions, we may introduce a concept of "projects" (name tbd). This would mean API Keys would be issued at the "Project" level, to allow Providers to further segment or protect their data. An example use-case would be a dev and prod project.