API Authentication


Introduction

The Cohort Go Platform API supports the creation of API Users, allowing you to use a generated email address and password to authenticate using Basic Authentication. This authentication method will be suitable if you're looking to establish a fixed server-to-server connection, such as a data import-export tool.

Alternatively, if your use case requires acting on behalf of individual users, please contact your Cohort Go account representative to discuss other authentication options.

Authenticating as an API User

An API user uses a generated email address and password to authenticate via Basic Auth. This is best for a fixed integration that needs specific access to the platform in a server-to-server context.

Creating an API User

Visit the Settings -> API Users page within your portal. Click 'New API User'. Provide a meaningful name, and select the access level you'd like your user to have. If you're just starting out, you may want to start with an Administrator account to enable full access, then revise this down once you've completed your integration and are able to provide more granular permissions.

After saving the user, you'll be presented with the auto-generated password for this account. Note this down, since it won't be displayed again. If you lose the password, it can be reset by clicking the ellipsis menu on the user and requesting a reset.

Using an API User

Calls with an API user are authenticated via Basic Auth. Most language client libraries will have native support for this - the username and password are joined with a :, then encoded using Base64. This is then passed in a header like Authorization: Basic <encoded-string>.

Any actions performed by the API user that update data will be recorded in the audit log against the auto-assigned email address displayed in the API User list.

Terminating an API User

If an API user is no longer required, the Delete option should be used in the Settings -> API Users page within your portal. This will prevent the user being used for any further API calls.

Other authentication options

If the API User authentication flow is not sufficient for your use case (for example, if your application needs to act on behalf of specific users with their authorisation), an alternative authentication method using the OAuth2 standard is available on request.

The assistance of the Cohort Go tech team will be required in order to authorise and configure your application for use with the OAuth2 authentication method. If you would like to use this method, please contact your Cohort Go account representative.