Authentication
The Audian API uses a token-based authentication system. You exchange your API key for an auth token, then use that token for all subsequent API calls.
Authentication Flow​
1. Exchange API Key → 2. Receive auth_token + account_id → 3. Use X-Auth-Token header
Quick Start​
Step 1: Authenticate​
Exchange your API key for an auth token:
curl -X PUT https://api.audian.com:8443/v2/api_auth \
-H "Content-Type: application/json" \
-d '{
"data": {
"api_key": "YOUR_API_KEY"
}
}'
Step 2: Extract Token and Account ID​
From the response, capture:
auth_token- Your authentication tokendata.account_id- Your account ID
{
"auth_token": "eyJhbGciOiJSUzI1.........",
"data": {
"account_id": "your_account_id"
},
"status": "success"
}
Step 3: Make API Calls​
Use the X-Auth-Token header for all subsequent requests:
curl -X GET \
"https://api.audian.com:8443/v2/accounts/${ACCOUNT_ID}/users" \
-H "X-Auth-Token: ${AUTH_TOKEN}" \
-H "Accept: application/json"
Authentication Methods​
| Method | Description | Documentation |
|---|---|---|
| API Keys | Primary authentication method | API Keys |
| OAuth 2.0 | For third-party integrations | OAuth |
| Auth Tokens | Short-lived session tokens | Tokens |
Base URL​
All API requests use:
https://api.audian.com:8443/v2/
Required Headers​
| Header | Value | Required |
|---|---|---|
X-Auth-Token | Your auth token | Yes (after authentication) |
Content-Type | application/json | Yes (for POST/PUT requests) |
Accept | application/json | Recommended |
Getting Your API Key​
- Log in to my.audian.com
- Navigate to Settings → API Keys
- Create a new API key
- Store it securely
Authentication Errors​
401 Unauthorized​
Invalid or missing authentication:
{
"error": "401",
"message": "unauthorized",
"status": "error"
}
Solutions:
- Verify your API key is correct
- Check that your auth token hasn't expired
- Re-authenticate to get a fresh token
403 Forbidden​
Authenticated but insufficient permissions:
{
"error": "403",
"message": "forbidden",
"status": "error"
}
Solutions:
- Verify your account has access to the requested resource
- Check that your API key has the required permissions
Security Best Practices​
- Store API keys securely - Use environment variables, never hardcode
- Rotate keys regularly - Every 90 days for production
- Use HTTPS only - All API calls must use HTTPS
- Don't log tokens - Never print or log auth tokens
- Re-authenticate as needed - Auth tokens expire; refresh when needed
Next Steps​
- API Key Authentication - Detailed authentication guide
- Security Best Practices - Keep your integration secure
- API Basics - Request and response formats