Migration Guide
Migrating from access token based authorization to API key based authorization requires the following changes:
-
Obtain an API key following the steps in the authorization page.
-
You no longer need to call the
GET /tokenendpoint in your request flow. Whether you called this endpoint on every request or on a schedule, this will no longer be required. -
Update the client that calls the Augment API to use "Basic" instead of "Bearer" in the
Authorizationheader. Here's a simple representation in pseudocode of how the logic may change:
// -- Legacy flow --
// get secret from storage
accessToken = getSecret()
// build request headers
headers = new Headers()
headers.set("Authorization", "Bearer " + accessToken)
headers.set("content-type", "application/json")
// make a request with the headers in the options
options.set(headers)
httpClient.request(url, options)
// -- New flow --
// get secret from storage
apiKey = getSecret()
// encode apiKey (":" between username and password is required)
encodedKey = base64Encode(":" + apiKey)
// build request headers
headers = new Headers()
headers.set("Authorization", "Basic " + encodedKey)
headers.set("content-type", "application/json")
// make a request with the headers in the options
options.set(headers)
httpClient.request(url, options)
- Error handling: an HTTP 401 means the API key as provided is invalid, expired, or revoked. An HTTP 5xx error can be a temporary issue at Augment and your request may need to be retried.
Troubleshooting
"Unauthorized" errors:
- Check the key itself is being included in the request
- Check the key is being encoded before being sent in the Authorization header
- Check for extra whitespace or newlines
- Verify you're using the correct API key for your environment (test vs live)
- A revoked key cannot be used or enabled
- Check that you're calling the correct API base URL