GuideReference

Authorization

Obtaining and using an API key

Please reach out to your account manager to obtain API keys for your test account and for your live account. Keep the API keys stored safely, as they provide write access to your account. Never publish API keys to version control.

The API key should be used in the password field of Basic Authentication with all requests. There is no username required, and the string must be base64 encoded per spec.

Note: The API key goes in the password field with an empty username. The leading colon (:) indicates an empty username field when encoding, and is required.

Manual Base64 Encoding 

# Encode your API key with leading colon
echo -n ":your_api_key_here" | base64
# Result: OnlvdXJfYXBpX2tleV9oZXJl

Testing the API key

We have an auth check endpoint that will allow you to test your API key without writing any data to your account. Use our auth check endpoint to verify your API key without writing data to your account. Great for setup and troubleshooting, but not intended for automated production health checks.

Example Requests

The curl request will look like the following:

curl -iX POST "$AUGMENT_API_BASE_URL/v2/auth-check" \
  -H "Authorization: Basic OnlvdXJfYXBpX2tleV9oZXJl"

Or by passing the API key in the -u flag:

curl -iX POST "$AUGMENT_API_BASE_URL/v2/auth-check" \
  -u ":$AUGMENT_API_KEY"

Creating a load with API key auth (with sample payload):

curl -iX POST "$AUGMENT_API_BASE_URL/v2/loads" \
  -H "Authorization: Basic OnlvdXJfYXBpX2tleV9oZXJl" \
  -H "content-type: application/json" \
  -d '{"brokerage":{},"load":{"loadNumber":"1","mode":"FTL","status":"DRAFT","route":[{"sequence":1,"stopActivity":"PICKUP","expectedArrivalWindowStart":"2025-09-01T12:00:00Z","expectedArrivalWindowEnd":"2025-09-01T14:00:00Z","address":{"street1":"1 Santa Monica Blvd","city":"Santa Monica","stateOrProvince":"CA","postalCode":"90401","country":"US"}},{"sequence":2,"stopActivity":"DELIVERY","expectedArrivalWindowStart":"2025-09-02T12:00:00Z","expectedArrivalWindowEnd":"2025-09-02T14:00:00Z","address":{"street1":"1 Market St","city":"San Francisco","stateOrProvince":"CA","postalCode":"94105","country":"US"}}]}}'

Error Handling

Status Code Meaning Action
401 Unauthorized Invalid, expired, or revoked API key Check your API key and the structure of your request
5xx Server Error Augment service issue Retry with exponential backoff

Security Best Practices

  • Environment Variables: Get API keys from environment variables, not source code
  • Separate Environments: test account API keys will not work in live, and viceversa
  • Access Control: Limit API key access to only the systems that need it

Key Management

The API key never expires. However, the key can be revoked. We will be providing key revocation and key rotation functionalities in the near future, accessible from the Augment portal.

If a key needs to be revoked, please reach out to your account manager. You will be asked to provide the key to revoke.

Q4 2025

  • Self-service key management via Augment portal
  • Automated key rotation capabilities

Legacy: Access Token Auth

Please reach out to your account manager to obtain an access token for your test account and for your live account. The access token should be used as a Bearer token with all requests.

Use the GET /token endpoint to verify and refresh your accessToken. Remember to update your stored access token if the response contains a new token. Please see the API reference for the exact details on how to form the request and the expected response.

IMPORTANT: Please keep your access token safe. If your access token ever gets compromised, please reach out to your account manager.