Authentication
Authenticate your requests to PiktID APIs
The authentication flow for this API is based on access and refresh tokens.
Most endpoints in this API are authenticated with the access token, passed in the Authorization header, using the Bearer scheme.
For added security in single-page applications, the refresh token is also returned in a secure cookie.
Quick start
You will first need to manually sign up to use our services. It's fine if you just want to try out the APIs, as free users get 10 credits and an API token.
Tokens can be generated at any time using Basic HTTP authentication, with the email and password used to sign up.
Generating tokens
Remember!
Both access and refresh tokens are valid for 30 days (by default) from the time they are issued.
Token pairs can be generated using your email and password as Basic Authentication.
import requests

api_url = "https://api.piktid.com/api"
EMAIL = "your email"
PASSWORD = "your password"

# POST /tokens with HTTP Basic authentication returns a new token pair
response = requests.post(
    api_url + "/tokens",
    data={},
    auth=(EMAIL, PASSWORD),
).json()
access_token = response["access_token"]
refresh_token = response["refresh_token"]

The freshly generated access token can then be used to authenticate API requests with the Authorization: Bearer <token> header.
Refreshing tokens
Be careful!
Using a refresh token more than once is considered a possible attack and will cause all existing tokens for the user to be revoked immediately as a mitigation measure.
When the access token expires you can refresh it using the associated refresh token:
# PUT /tokens exchanges the current pair for a new one
response = requests.put(
    api_url + "/tokens",
    json={
        "access_token": access_token,
        "refresh_token": refresh_token,
    },
).json()
access_token = response["access_token"]
refresh_token = response["refresh_token"]

Remember to store the new refresh token, as the old one is now invalid.
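
A client with several threads or workers can trip the reuse rule above by accident when two of them refresh the same expired token at once. The following is an added example, not PiktID code: TokenStore, http_refresh, the save callback and demo are hypothetical names, and FakeServer is a constructed stand-in that models only the reuse rule so the example runs offline.

```python
import threading
from concurrent.futures import ThreadPoolExecutor

API_URL = "https://api.piktid.com/api"  # base URL from this page
def http_refresh(access, refresh):
    """The PUT /tokens call from this page; requests is imported lazily."""
    import requests
    r = requests.put(API_URL + "/tokens", timeout=30,
                     json={"access_token": access, "refresh_token": refresh})
    r.raise_for_status()
    return r.json()

class TokenStore:
    """Hypothetical helper: one token pair, each refresh token sent once."""
    def __init__(self, access, refresh, refresh_call=http_refresh, save=None):
        self._lock = threading.Lock()
        self._access, self._refresh = access, refresh
        self._refresh_call = refresh_call
        self._save = save or (lambda pair: None)  # e.g. write to a secrets store

    def rotate(self, stale_access):
        """Refresh only if stale_access is still the current access token."""
        with self._lock:
            if stale_access != self._access:  # another caller already rotated
                return self._access
            pair = self._refresh_call(self._access, self._refresh)
            self._access, self._refresh = pair["access_token"], pair["refresh_token"]
            self._save(pair)  # persist the new pair before releasing the lock
            return self._access

class FakeServer:
    """Constructed stand-in that models the reuse rule described above."""
    def __init__(self):
        self.n, self.valid, self.calls, self.revoked = 0, "r0", 0, False
    def refresh(self, access, refresh):
        self.calls += 1
        if self.revoked or refresh != self.valid:
            self.revoked = True  # reuse detected: all tokens revoked
            raise PermissionError("tokens revoked")
        self.n += 1
        self.valid = f"r{self.n}"
        return {"access_token": f"a{self.n}", "refresh_token": self.valid}

def demo(workers=8):  # every worker holds the same expired token "a0"
    server = FakeServer()
    store = TokenStore("a0", "r0", refresh_call=server.refresh)
    with ThreadPoolExecutor(workers) as pool:
        list(pool.map(store.rotate, ["a0"] * workers))
    return server.calls, server.revoked, store.rotate("a0")
```

Each caller passes the access token it saw fail, so a caller that lost the race receives the already-rotated token instead of sending the old refresh token a second time.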