Authentication

All API requests to GridLogs require authentication using API keys. This ensures that only authorized users can access the services.

API Keys

API keys are used to authenticate requests to the GridLogs API. Each API key is associated with specific permissions that determine which endpoints you can access.

Using API Keys

Include your API key in all requests to the GridLogs API by adding an X-API-Key header:

curl -X GET https://api.gridlogs.co/v1/business-cases \
  -H "X-API-Key: your_api_key_here"

Request Headers

X-API-Key (string, required): Your API key

Response to Unauthenticated Requests

If you don’t include an API key or use an invalid key, you’ll receive a 401 Unauthorized response:

{
	"statusCode": 401,
	"message": "Unauthorized",
	"error": "Unauthorized"
}

Organization Context

The API key also determines which organization’s data you can access. All requests are automatically scoped to the organization associated with your API key.

For endpoints that create resources, the organization ID is automatically assigned based on your API key, ensuring data segregation between different organizations.

Security Best Practices

  1. Never share your API key publicly or embed it in client-side code
  2. Implement proper key rotation procedures
  3. Use environment variables to store API keys securely
  4. Restrict your API key to only the permissions necessary for your use case
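One way to support practices 2 and 3 during a key rotation, as an added example that is not GridLogs code: keys are read only from the environment, the previous key is tried only after a 401, and log lines never contain a full key. The variable name GRIDLOGS_API_KEY_PREVIOUS, the helper names and the injectable send transport are assumptions made for this example.

```python
import json
import os
import urllib.error
import urllib.request

BASE_URL = "https://api.gridlogs.co/v1"  # base URL from the page
# First name is the one used on the page; the second is an assumed name for
# the key being retired, kept only until the new key is confirmed working.
KEY_VARS = ("GRIDLOGS_API_KEY", "GRIDLOGS_API_KEY_PREVIOUS")

def redact(key):
    """Log-safe form of a key: at most its last 4 characters."""
    return "****" + key[-4:] if len(key) > 8 else "****"

def load_keys(env=os.environ):
    """Return the configured keys, current first; never hard-code them."""
    keys = [env[name] for name in KEY_VARS if env.get(name)]
    if not keys:
        raise RuntimeError(f"{KEY_VARS[0]} is not set")
    return keys

def urllib_send(url, headers):
    """Default transport: GET the URL, return (status, parsed JSON body)."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 4xx/5xx, e.g. the 401 body above
        return err.code, json.load(err)

def get_with_rotation(endpoint, keys, send=urllib_send, log=print):
    """GET an endpoint, trying the previous key only after a 401."""
    for slot, key in enumerate(keys):
        status, body = send(f"{BASE_URL}/{endpoint}", {"X-API-Key": key})
        if status != 401:
            if slot > 0:
                log(f"current key {redact(keys[0])} rejected, previous key "
                    f"{redact(key)} accepted: rotation is incomplete")
            return status, body
        log(f"401 Unauthorized for key {redact(key)}")
    raise PermissionError("every configured API key was rejected with 401")
```

Once requests succeed with the current key alone, unset the previous-key variable and revoke that key.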

Example: Setting Up Authentication in Different Languages

# Example setup for a Python application
import os

import requests

# Read the API key from an environment variable; fail fast if it is missing
api_key = os.environ.get('GRIDLOGS_API_KEY')
if not api_key:
    raise RuntimeError("GRIDLOGS_API_KEY environment variable is not set")

TIMEOUT = 30  # seconds; requests applies no timeout unless one is given

def make_api_request(endpoint, method='GET', data=None, params=None):
    url = f"https://api.gridlogs.co/v1/{endpoint}"
    headers = {
        "X-API-Key": api_key,
        "Content-Type": "application/json"
    }

    if method == 'GET':
        response = requests.get(url, headers=headers, params=params, timeout=TIMEOUT)
    elif method == 'POST':
        response = requests.post(url, headers=headers, json=data, timeout=TIMEOUT)
    elif method == 'PUT':
        response = requests.put(url, headers=headers, json=data, timeout=TIMEOUT)
    elif method == 'DELETE':
        response = requests.delete(url, headers=headers, timeout=TIMEOUT)
    else:
        # Without this branch an unknown method would leave `response` unbound
        raise ValueError(f"Unsupported HTTP method: {method}")

    response.raise_for_status()  # Raise an exception for HTTP errors, including 401
    return response.json()

# Example: Get a list of business cases
business_cases = make_api_request('business-cases', params={'limit': 10})