We have three standard headers that we expect, detailed below. To summarise, we expect all API users to send these on every request, where
$API_KEY is replaced by your API key:
Authorization: GriffinAPIKey $API_KEY Content-Type: application/json Accept: application/json
All API requests require the
Authorization header. The value of the header is always
GriffinAPIKey plus your API key. You don't need to encode the API key in any way; just send it as plain text.
We do not support
Basic as an authorization method in our API.
The API key is shown once and only once after creation in the Griffin
application. If you've forgotten your API key, you need to log in, delete it,
and create a new one.
The Accept header determines what format you receive the response in. All API requests should specify
application/json for our JSON representation.
Long-running reports typically return either a CSV file or a ZIP
file containing multiple CSVs. This is to both keep file sizes down, and to
facillitate importing in to a spreadsheet or another tool for further
processing. This is clearly marked in the documentation.
Content-Type header has the same rules as the
Accept header. You may supply a HTTP request body in either
application/json (recommended) or
Note that we treat
Content-Type separately, therefore both should be supplied as
application/json to ensure requests are processed as JSON and that responses are returned as JSON.
Updated about a month ago