Use a Browser API Token With an Integration
- Applies to:
- All MindTouch Versions
- Role required:
- Admin
Prerequisites
How to Use Your Browser API Token
The token key is included in an API request by setting it as the X-Deki-Token HTTP header value.
Examples
Fetch API
const key = 'dacaffe7ce69dfd1071531e925f667905a1c981fb40d06c676880e84352cb3aa';
fetch('https://example.com/@api/deki/pages/home/info', {
    headers: { 'X-Deki-Token': key }
}).then((response) => {
    // ...
});
jQuery
const key = 'dacaffe7ce69dfd1071531e925f667905a1c981fb40d06c676880e84352cb3aa';
$.ajax({
    url: 'https://example.com/@api/deki/pages/home/info',
    method: 'GET',
    headers: { 'X-Deki-Token': key }
}).done((data) => {
    // ...
});
Upon receipt, Expert checks the Origin HTTP header sent by the browser against the hostname patterns allowed when the Browser API Token was generated. If there is a match, the cross-origin API request is allowed. If the origin hostname does not match any of the Browser API Token's allowed hostname patterns, the API request is denied and an error message is returned.
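The following is an added example, not code from Expert or from the original page: a small model of the Origin check described above, useful for predicting whether a given page or tool will be allowed before you generate a token. The function names `hostnameMatches` and `checkOrigin` are hypothetical, and the pattern syntax (an exact hostname or a leading `*.` wildcard) is an assumption, since the page does not specify it.

```javascript
// Added illustration, not Expert's implementation.
// ASSUMPTION: a pattern is an exact hostname or a "*." wildcard.
function hostnameMatches(hostname, pattern) {
  const host = hostname.toLowerCase();
  const pat = pattern.toLowerCase();
  if (pat.startsWith('*.')) {
    // Keep the leading dot so the match stops at a label boundary:
    // "notexample.com" must not satisfy "*.example.com".
    const suffix = pat.slice(1);
    return host.length > suffix.length && host.endsWith(suffix);
  }
  return host === pat;
}

function checkOrigin(originHeader, allowedPatterns) {
  // API clients such as Postman usually send no Origin header at all.
  if (!originHeader) {
    return { allowed: false, reason: 'missing Origin header' };
  }
  let hostname;
  try {
    hostname = new URL(originHeader).hostname;
  } catch {
    // Also covers the literal "null" origin sent by opaque contexts.
    return { allowed: false, reason: 'unparseable Origin' };
  }
  const hit = allowedPatterns.find((p) => hostnameMatches(hostname, p));
  return hit
    ? { allowed: true, reason: `matched ${hit}` }
    : { allowed: false, reason: 'no pattern matched' };
}

// Constructed sample data: allowed patterns and candidate Origin values.
const allowed = ['example.com', '*.example.com'];
const samples = [
  'https://example.com',
  'https://app.example.com',
  'https://example.com.sandbox.test', // allowed name used only as a prefix
  'https://notexample.com',
  'null',
  undefined, // no Origin header sent
];
for (const origin of samples) {
  console.log(String(origin), checkOrigin(origin, allowed));
}
```

Only the first two sample origins are allowed; the rest are denied because the hostname is compared as a whole rather than as a substring.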
Testing with Codepen, JSFiddle, Postman
Popular tools for web development experimentation are hosted JavaScript, HTML, and CSS sandboxes such as CodePen or JSFiddle, or local API development clients such as Postman. When using hosted tools, confirm that the domain the tool uses for HTTPS communication with the Expert API was allowed when the Browser API Token was generated.
The primary use case of Browser API Tokens is safely managing access to the Expert API using Cross-Origin Resource Sharing (CORS). API development clients, such as Postman, generally have trouble leveraging Browser API Tokens unless they can set an Origin HTTP header. If testing with these tools is desired, consider using a Server API Token instead.