All API methods require authorization. There are several ways to authorize the call.
API token allows you to bind the user of the database to the unique identifier to perform API calls without exposing user’s credentials. Moreover, token is database specific - that’s it gives an access only to the database it is defined for.
Existing tokens are listed and new ones can be created under Setup > Database > Integration API > REST API Authorization Tokens. You can create multiple tokens for one user to use in different contexts, so that token removal will disable data access in from one content but not the others. For example, you can issue several tokens for third-party developers to let them make API calls under single user account. Revoking the token will disable access for one developer but not the others.
In order to authorize API call you can send the token via Authorization HTTP Header
GET https://www.teamdesk.net/secure/api/v2/21995/user.json Authorization: Bearer 0123456789ABCDEF0123456789ABCDEF
Or embed token into URL after database ID such as
though, while embedding looks simple, please keep in mind that request URL may leave traces in upstream proxies and Internet providers’ logs; sending token via header is a bit more secure.
Basic Access Authentication
In addition to token authorization API supports HTTP basic access authentication scheme. This scheme is a well-supported by every HTTP client. Moreover, many interactive clients, such as browser or Microsoft Excel, will prompt for username and password via dialog box if credentials are not provided.
Re-use authorization cookie
This method is only suitable when building calls from HTML snippets embedded into TeamDesk pages. When minus sign (-) is added after database id we’ll try to re-use existing TeamDesk authorization cookie to authenticate the user. Please note that this method won’t work in Call URL actions.