Skip to main content

Overview

OpenAPI supports two authentication methods. We recommend using the direct API key method for simplicity and better security. The simplest way to authenticate is by using your API Key directly. Get your API Key from our API interfaces by clicking on the top API button on this page openAPI. Note: In the frontend interface, this is displayed as “API Key”, but in code implementation, it’s the same value as your previous clientSecret.
  1. Login to our website
  2. Click API icon
  3. Click “API Credentials” to generate your API Key
  4. Use the API Key directly in your requests
All API requests should include your API Key in the HTTP header: Custom x-api-key header 
x-api-key: {API Key}

Method 2: ClientId/API Key (clientSecret) - Legacy Method

For backward compatibility, we also support the traditional clientId/clientSecret method: Note: Your API Key (displayed in frontend) is the same value as your previous clientSecret. In code, you can reference it as either clientSecret or use the x-api-key header format.
  1. Login to our website
  2. Click API icon
  3. Click “API Credentials” to set your key pair (clientId, API Key)
  4. Use the clientId/API Key to obtain an access token via the /getToken endpoint
  5. Use the obtained token in subsequent API calls
Bearer tokens are generally composed of a random string of characters. Formally, it takes the form of the “Bearer” keyword and the token value separated by spaces: 
Authorization: Bearer {token}
Here is an example of an actual Bearer token: 
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYyYTA2Mjg1N2YzNWNjNTJlM2UxNzYyMCIsInR5cGUiOiJ1c2VyIiwiZnJvbSI6InRvYiIsImVtYWlsIjoiZ3VvZG9uZ2RvbmdAYWtvb2wuY29tIiwiZmlyc3ROYW1lIjoiZGQiLCJ1aWQiOjkwMzI4LCJjb2RlIjoiNTY1NCIsImlhdCI6MTczMjg2NzczMiwiZXhwIjoxNzMyODY3NzMzfQ._pilTnv8sPsrKCzrAyh9Lsvyge8NPxUG5Y_8CTdxad0
Security Note: Your API Key/token is secret! Do not share it with others or expose it in any client-side code (browser, application). Production requests must be routed through your own backend server, and your API Key can be securely loaded from environment variables or a key management service.

API

When using the direct API Key method, you can include your API Key in the HTTP headers using either format: Custom x-api-key header 
x-api-key: {your-api-key}
No additional token generation step is required. Your API Key serves as the authentication token directly.

Get Token (Legacy Method)

POST https://openapi.akool.com/api/open/v3/getToken
For users still using the clientId/API Key (clientSecret) method, use this endpoint to obtain an access token: Body Attributes
ParameterDescription
clientIdUsed for request creation authorization
clientSecretUsed for request creation authorization (same value as your API Key)
Response Attributes
ParameterValueDescription
code1000Interface returns business status code(1000:success)
tokenAPI token
Please note that the generated token is valid for more than 1 year.

Example

Direct API Key Usage (Recommended)
Using x-api-key header 
curl --location 'https://openapi.akool.com/api/your-endpoint' \
--header 'x-api-key: {{API Key}}' \
--header 'Content-Type: application/json' \
--data '{}'

Legacy Token Generation Method

Body 
{
  "clientId": "64db241f6d9e5c4bd136c187",
  "clientSecret": "openapi.akool.com"
}
Request 
curl --location 'https://openapi.akool.com/api/open/v3/getToken' \
--header 'Content-Type: application/json' \
--data '{
  "clientId": "64db241f6d9e5c4bd136c187",
  "clientSecret": "openapi.akool.com"
}'
Response 
{
"code": 1000,
"token": "xxxxxxxxxxxxxxxx"
}
Response Code Description
Please note that if the value of the response code is not equal to 1000, the request is failed or wrong
ParameterValueDescription
code1000Success
code1101Invalid authorization or The request token has expired
code1102Authorization cannot be empty
code1200The account has been banned