API ReferenceCore API
Core API Authentication
Learn how to authenticate with the RequestRocket Core API
Core API Authentication
The Core API uses personal user tokens for authentication, providing secure access to all your RequestRocket resources.
User Tokens
Each user has personal access tokens that can be found in their profile settings. These tokens are:
- Personal: Tied to your user account
- Prefixed: Always start with
u- - Permanent: Don't expire unless revoked by RequestRocket support (we're working on letting you manage these tokens yourself)
- Full Access: Grant complete access to your account
User tokens should be treated like passwords. Never share them, commit them to version control, or expose them in client-side code.
Getting Your User Token
Navigate to Settings
Click on your user menu and select "Settings".
Access Keys Tab
Click on the "Keys" tab in the settings page.
Copy Your Token
Your personal API tokens will be displayed. Copy the token you need.
Learn more about personal settings →
Using Authentication
Include your user token in the Authorization header of every Core API request:
Core API requests use a raw Authorization header value (no Bearer prefix).
Request Format
GET /clients HTTP/1.1
Host: api.requestrocket.com
Content-Type: application/json
Authorization: u-your-token-here-123456789Example Requests
const response = await fetch('https://api.requestrocket.com/api/clients', {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'Authorization': process.env.REQUESTROCKET_USER_TOKEN
}
});
const data = await response.json();
console.log(data.clients);import requests
import os
headers = {
'Content-Type': 'application/json',
'Authorization': os.environ.get('REQUESTROCKET_USER_TOKEN')
}
response = requests.get(
'https://api.requestrocket.com/api/clients',
headers=headers
)
data = response.json()
print(data['clients'])package main
import (
"encoding/json"
"fmt"
"io"
"net/http"
"os"
)
type Response struct {
Clients []map[string]interface{} `json:"clients"`
Message string `json:"message"`
}
func main() {
client := &http.Client{}
req, err := http.NewRequest("GET", "https://api.requestrocket.com/api/clients", nil)
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", os.Getenv("REQUESTROCKET_USER_TOKEN"))
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
panic(err)
}
var result Response
json.Unmarshal(body, &result)
fmt.Println(result.Clients)
}import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.URI;
import com.google.gson.Gson;
import com.google.gson.JsonObject;
public class RequestRocketExample {
public static void main(String[] args) throws Exception {
String userToken = System.getenv("REQUESTROCKET_USER_TOKEN");
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://api.requestrocket.com/api/clients"))
.header("Content-Type", "application/json")
.header("Authorization", userToken)
.GET()
.build();
HttpResponse<String> response = client.send(request,
HttpResponse.BodyHandlers.ofString());
Gson gson = new Gson();
JsonObject jsonResponse = gson.fromJson(response.body(), JsonObject.class);
System.out.println(jsonResponse.get("clients"));
}
}curl -X GET "https://api.requestrocket.com/api/clients" \
-H "Content-Type": "application/json" \
-H "Authorization: ${REQUESTROCKET_USER_TOKEN}"Authentication Errors
401 Unauthorized
Occurs when:
- No
Authorizationheader is provided - Token is invalid or malformed
- Token has been revoked
Response:
{
"error": "Unauthorized",
"message": "Invalid or missing authentication token",
"status": 401
}Solution:
- Verify your token is correct
- Ensure the
Authorizationheader is included - Check that your token hasn't been revoked
403 Forbidden
Occurs when:
- Token is valid but lacks necessary permissions
- Attempting to access another user's resources
Response:
{
"error": "Forbidden",
"message": "Insufficient permissions to access this resource",
"status": 403
}Solution:
- Verify you have the correct role in the organisation
- Check that you're accessing your own resources
Security Considerations
Token Storage
Secure storage options:
- Environment variables (for server-side applications)
- AWS Secrets Manager
- Azure Key Vault
- HashiCorp Vault
- Kubernetes Secrets
Never store in:
- Client-side code
- Version control systems
- Public repositories
- Log files
- Error messages
Token Transmission
- Always use HTTPS
- Never send tokens in URLs or query parameters
- Only use the
Authorizationheader - Don't log tokens in application logs
Token Scope
User tokens provide full account access:
- Can create, read, update, and delete all resources
- Can manage users and permissions
- Can view sensitive information
There are currently no scoped or limited tokens. Each user token has full access to all resources the user can access.
Token Revocation
If a token is compromised:
- Contact support immediately
- They will revoke the compromised token
- A new token will be issued
- Update your applications with the new token
Testing Authentication
Verify Token
Test your authentication with a simple request:
async function testAuth() {
try {
const response = await fetch('https://api.requestrocket.com/api/clients', {
headers: {
'Authorization': process.env.REQUESTROCKET_USER_TOKEN
}
});
if (response.ok) {
const data = await response.json();
console.log('Authentication successful!', data);
} else {
console.error('Authentication failed:', response.status);
}
} catch (error) {
console.error('Error:', error);
}
}
testAuth();import requests
import os
def test_auth():
try:
response = requests.get(
'https://api.requestrocket.com/api/clients',
headers={'Authorization': os.environ.get('REQUESTROCKET_USER_TOKEN')}
)
if response.ok:
print('Authentication successful!', response.json())
else:
print(f'Authentication failed: {response.status_code}')
except Exception as e:
print(f'Error: {e}')
test_auth()package main
import (
"fmt"
"io"
"net/http"
"os"
)
func testAuth() {
client := &http.Client{}
req, err := http.NewRequest("GET", "https://api.requestrocket.com/api/clients", nil)
if err != nil {
fmt.Println("Error creating request:", err)
return
}
req.Header.Set("Authorization", os.Getenv("REQUESTROCKET_USER_TOKEN"))
resp, err := client.Do(req)
if err != nil {
fmt.Println("Error making request:", err)
return
}
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
if resp.StatusCode == 200 {
fmt.Println("Authentication successful!", string(body))
} else {
fmt.Printf("Authentication failed: %d\n", resp.StatusCode)
}
}
func main() {
testAuth()
}import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.URI;
public class TestAuth {
public static void main(String[] args) {
try {
String userToken = System.getenv("REQUESTROCKET_USER_TOKEN");
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://api.requestrocket.com/api/clients"))
.header("Authorization", userToken)
.GET()
.build();
HttpResponse<String> response = client.send(request,
HttpResponse.BodyHandlers.ofString());
if (response.statusCode() == 200) {
System.out.println("Authentication successful!");
System.out.println(response.body());
} else {
System.out.println("Authentication failed: " + response.statusCode());
}
} catch (Exception e) {
System.err.println("Error: " + e.getMessage());
}
}
}curl -X GET "https://api.requestrocket.com/api/clients" \
-H "Authorization: ${REQUESTROCKET_USER_TOKEN}" \
-w "\nHTTP Status: %{http_code}\n"Expected response (200):
{
"clients": [
{
"clientId": "...",
"clientName": "..."
}
],
"message": "Success"
}Error response (401):
{
"error": "Unauthorized",
"message": "Invalid or missing authentication token",
"status": 401
}