# Authentication

This API is secured with a uniquely generated API Key which identifies the logged in user. The API Key is valid for six hours. After that, you will have to login again to receive a new API Key.

# Logging in

To login and receive an API key you need to call our /auth endpoint.

URL : /auth

Method : POST

If your login was successful, you will receive an API key / token that you will need to put in the HTTP header api-key to make further calls.

GET /v1/campaigns HTTP/1.1
Host: api.advertiser.tonic.com
User-Agent: curl/7.58.0
Accept: */*
api-key: somevalidapikey

# Request

This call needs no authentication

Name Description Constraints Mandatory
email User e-mail address a valid registered email address
password User password plaintext user password

# Response

# Success

Name Description
token authentication token

# Examples

Say you try to login with this request:

	"email": "a.valid@email.com",
	"password": "$uper$ecurePa55w0rd"

You will receive this, if your credentials were correct:

	"token": "R4nd0mlyG3n3r4t3d4P1K3y"

As soon as you have received the token, you can start using the API!

Bad credentials

But if your credentials are not correct, say if you had a typo, you will get:

	"error": "INVALID_LOGIN",
	"message": "Username or Password not correct!"

The HTTP Code for this is 403 INVALID_LOGIN.

Blocked account

It could also occur that your account has been blocked for some reason:

	"error": "ACCOUNT_BLOCKED",
	"message": "You have been blocked, please contact TONIC. Support."

The HTTP Code for this is 403 ACCOUNT_BLOCKED. If you receive this error please contact our support team, as the message tells you.

# Token Expiry

If you receive 403 FORBIDDEN even though you have sent us an API Key that worked previously, your session expired.

Just fetch a new token with the same credentials to go on.

Last Updated: 7/21/2020, 8:06:44 AM