Skip to main content

Authentication

The Pragma API uses API keys to authenticate requests. The API keys will be provided to you by Pragma Support team.

Note that API keys are live and test mode specific. A test mode API key will only return test mode data and vice versa.

warning

Be sure to keep your API keys secure! Do not share your API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

To authenticate requests, API keys must be included in the Authorization header as a Bearer token in the format:

Authorization: Bearer {api_key_}

Unauthenticated requests will receive a 401 Unauthorized response.

Internally, we're using three resources to authenticate and authorize requests:

General concept authentication and authorizationGeneral concept authentication and authorization

Location

Location represents the source of reports for a business (such as restaurant, bar, store or anywhere a seller does business). The location is created on the first sign up of a business to Pragma.

From the API Key you provide, we can infer the location. If you have multiple locations, you will need to create multiple API keys.

API Keys

API keys are used to authenticate requests to the Pragma API.

A location can have multiple API keys. Each API key will be assigned to a consumer which will have a set of permissions associated to it.

Thanks to the API key, we can infer the location and the consumer associated to it.

Consumer

A consumer defines a third party that has access to the Pragma API. A consumer can be a developer, a 3rd party partner, or a customer.

A consumer can have multiple API keys, one for each location assigned to the consumer.

A set of permissions is associated to a consumer, similar as a role. The permissions define what the consumer can do with the API.

Example

General concept authentication and authorizationGeneral concept authentication and authorization
  • Location 1 has one API Key api_key_1 which is assigned to the consumer_1.
  • Location 2 has two API Keys api_key_2 and api_key_3.
    • api_key_2 is assigned to consumer_1.
    • api_key_3 is assigned to consumer_2.
  • Location 3 has one API Key api_key_4 which is assigned to the consumer_2.

By providing the right API Key :

  • consumer_1 has access to the Location 1 and 2,
  • and consumer_2 has access to the Location 2 and 3.