Authentication

When it comes to accessing the APIs, there are 2 main actors right now:

  • End users who access APIs via widget who can list notifications, mark them as seen and read.

  • Systems which can create notifications for the above said users.

Authentication mechanism

For end users who access APIs via widget

Right now, APIs accessible via widget are authorized based on bunch of headers. They are:

  • X-MAGICBELL-USER-EMAIL A header to specify User (Recipient) email

  • X-MAGICBELL-API-KEY A header to specify API key of the project

  • X-MAGICBELL-USER-HMAC A header to specify computed HMAC for User email

For systems which can manage notifications

  • X-MAGICBELL-API-SECRET A header to specify API secret of the project.