Authentication
1 Introduction
Mendix APIs are secured by either API keys or personal access tokens (PATs). Both mechanisms allow clients such as a CI/CD pipeline to consume the platform APIs on behalf of the platform user who created the token. The benefit of a PAT compared to an API key is that the platform user can restrict the scope of delegated access to specific APIs during creation of the PAT. In the specific API document, you can find information about the mechanism used for the API.
2 Authentication Using an API Key
2.1 Obtaining an API Key
To obtain a Mendix API key, follow the instructions in the API Keys section of Mendix Profile.
2.2 Using Authentication Headers
Use the following request headers to authenticate an API call:
Mendix-Username
– the login name of the requesting user with the required privileges in the Mendix PlatformMendix-ApiKey
– the API key of this user
For an example, see one of the Request sections in Deploy API – Version 1.
3 Authentication Using a PAT
The benefit of a PAT compared to API keys is that the platform user can restrict the scope of delegated access to specific APIs, by selecting the correct scopes during creation of the PAT.
3.1 Generating a PAT
To generate a PAT, follow the instructions in the Personal Access Tokens section of Mendix Profile. Make sure that you select the correct scopes for the PAT that you generate. You can find the correct scopes in the specific API document.
3.2 Using the PAT
Include an Authorization
header with the value MxToken {GENERATED_PAT}
to authenticate an API call. For an example, see the Using the PAT section of the Webhooks API.
Feedback
Was this page helpful?
Glad to hear it! Thank you for your response.
Sorry to hear that. Please tell us how we can improve.