Authentication
Basic Authentication
The Anduin REST API and GraphQL both require authentication using an API key. To obtain your API key, kindly reach out to your customer success representative or contact us at [email protected].
Please ensure the security of your API keys, as they grant significant privileges. Avoid sharing your secret API keys in publicly accessible spaces such as GitHub or client-side code.
Simply provide your API key in the Authorization header of your REST or GraphQL request:
--header 'authorization: anduin_api_key_abadfad1ahf23rhioadfh'
Advanced Authentication (optional)
Customers can enhance security by opting for client certificate authentication. Please contact your customer success representative to get started, and we’ll guide you through the process.
Purpose
Enhance the security of our Public API by implementing client certificate authentication. This approach uses public-key cryptography to verify customer identities while allowing customers to retain control of their private keys, reducing the risk of unauthorized access.
Step-by-step guide
The process involves an additional setup step and information exchange between Anduin and your development team. This step-by-step guide will walk you through the process.
Set up phase
- Generate private key and CSR file - The customer creates a private key and a CSR (Certificate Signing Request) file (example using OpenSSL below)
openssl req -new -newkey rsa:2048 -nodes -keyout client1.key -out client1.csr
- Send CSR to Anduin - The customer then sends the CSR file (client1.csr) to Anduin
- Receive signed certificate - Anduin signs the CSR and returns a signed client certificate.
- This certificate is used for authenticating API calls.
- Certificates are valid for 5 years from the signing date.
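A check worth running when the signed certificate comes back, shown as an added example that is not part of Anduin's documentation: confirm the certificate carries the public key of client1.key, and test how long it remains valid. The name client.pem follows the curl example on this page; ca.key, ca.pem and other.key are constructed stand-ins (a throwaway local CA plays the signer) so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the page. client1.key / client1.csr / client.pem follow
# the page's file names; ca.key, ca.pem and other.key are constructed stand-ins.

# Print the SHA-256 of the DER public key held in a key, CSR or certificate.
pubkey_hash() {  # $1 = key|csr|cert, $2 = file
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1
  [ -n "$pem" ] || return 1   # never hash empty input: two failures would "match"
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the certificate carries the public key of this private key.
cert_matches_key() {  # $1 = certificate, $2 = private key
  c=$(pubkey_hash cert "$1") || return 1
  k=$(pubkey_hash key "$2") || return 1
  [ "$c" = "$k" ]
}

# Succeed if the certificate will still be valid $2 days from now.
cert_valid_for_days() {  # $1 = certificate, $2 = days
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Constructed demo data: a throwaway local CA plays the signer's role.
make_demo_files() {  # $1 = empty working directory
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example-customer" \
    -keyout "$1/client1.key" -out "$1/client1.csr" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=standin-ca" -days 3650 \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  openssl x509 -req -in "$1/client1.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1825 -out "$1/client.pem" 2>/dev/null &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/other.key" 2>/dev/null
}

work=$(mktemp -d)
make_demo_files "$work"
cert_matches_key "$work/client.pem" "$work/client1.key" && echo "client.pem matches client1.key"
cert_matches_key "$work/client.pem" "$work/other.key" || echo "other.key does not match client.pem"
cert_valid_for_days "$work/client.pem" 90 && echo "client.pem valid for 90+ days"
rm -rf "$work"
```

Both the page's command and this script use -nodes, which writes the private key unencrypted, so keep client1.key readable only by the account that calls the API.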
Usage phase
- API access with client certificate - Customers use their private key, the signed client certificate, and their API token to access API endpoints. Use the s- prefix for these secure endpoints, i.e. s-api.anduin.app instead of api.anduin.app
- Example API calls
- Basic Authentication
curl --request GET \
  --url https://api.anduin.app/api/v1/fundsub/fund-id \
  --header 'accept: application/json' \
  --header 'authorization: anduin_api_key_abadfad1ahf23rhioadfh'
- Advanced Authentication
curl --request GET \
  --url https://s-api.anduin.app/api/v1/fundsub/fund-id \
  --header 'accept: application/json' \
  --header 'authorization: anduin_api_key_abadfad1ahf23rhioadfh' \
  --cert client.pem --key client1.key
Important Note
- All API requests must be conducted over HTTPS; calls made over plain HTTP will fail.
- Proper authentication is mandatory for the successful execution of API requests.
Updated 25 days ago