Authenticating with Altalix
As a partner, you need to know about the authentication we use:
API KeyYou can generate these from the partner portal and is used as a bearer token to our permissioned endpoints.
RSA Signing Key PairWe require our partners to generate an RSA Key Pair and upload the public key to our partner portal. This is used to sign user requests.
Keys must be stored securely as a secret as it's used to uniquely authenticate you
Read more about bearer tokens here
Log into the partner portal using the credentials you will have been provided. First click on menu to 'Generate API Key', then you can select an expiry date and click 'GENERATE'.
The generated key can now be used as your API Key so just include it as you bearer token to access permissioned endpoints.
RSA Signing Key Pair
To generate a RSA key pair you can use the follow openssl command:
Private key for Signing:
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out rsa.pem -outform PEM
Generating a Public Key for Altalix to Verify:
openssl rsa -in rsa.pem -outform PEM -pubout -out public.pem
Copy the contents of public.pem into the partner portal under
Signing Keys and
Keep a record of the generated
ID for this active key as it will be used as a
key_id during Signing
Restricted User Rate Token
This is an optional step to prevent your backend servers being overloaded with rate requests.
If your client application is rendered client side - like Angular / React / Native App - then you can generate a token so the client can call directly to Altalix and bypass your servers for certain requests:
Below is an example in a Node backend server that generates a user token that can be used to create rate requests.