The credentials allow you to perform a request against the /auth endpoint to retrieve an initial authentication token.

In every request, the authorization header has to be set:
Authorization: Bearer YOUR_TOKEN_HERE

After each request, a new token is generated and sent back to the user in the authorization (lowercased) header. You can use this token to make the next request. With every new call, the previous token is invalidated.

🚧

Normally, the headers should be case insensitive. Meaning both (capitalized or lowercased) headers are the same.
However, due to a change in our internal communication, we enforce the lowercased headers.
This might cause issues for the consumers who respect the case of the header. In this case, we recommend the switch to the case-insensitive way of working with the headers.

Retrieved unused tokens have a lifetime of one day.

📘

The API can be used with TLS 1.2 and 1.3 and an up-to-date cipher.

Rate Limits
The actual rate limit for the usage of the API /auth endpoint is 60 requests per minute.