PrizmDoc® v14.2 Release - Updated
PrizmDoc / API Reference / Cloud Authentication / Authenticating Requests
In This Topic
    Authenticating Requests
    In This Topic

    Introduction

    When using PrizmDoc Cloud, you must authenticate all HTTP requests. You can do this in one of two different ways:

    Using Your API Key

    Include an acs-api-key header with your API key as the value.

    Example

    POST `https://api.accusoft.com/PCCIS/V1/ViewingSession`
    acs-api-key: <your key here>
    Content-Type: application/json
    {
        "render": {
            "html5": {
                "alwaysUseRaster": false
            }
        }
    }
    
    

    To obtain an API key, visit https://www.accusoft.com/portal/.

    Using OAuth

    To facilitate granular access to PrizmDoc Cloud account data, especially document storage, another level of authorization must be implemented to further identify requests. The OAuth 2.0 specification allows for this type of authorization. Using OAuth, PrizmDoc Cloud can not only authorize a request via the PrizmDoc Cloud API key, but also by custom user information provided by clients. Ultimately, this will allow for the creation of rules by PrizmDoc Cloud customers to limit access to various resources.

    OAuth Authorization Method

    Per the OAuth spec, PrizmDoc Cloud implements the client credentials grant method. This relies on authentication through the PrizmDoc Cloud API key. See: https://www.rfc-editor.org/rfc/rfc6749.html#section-4.4. By default, the expire time for the access token is set to one day. Initially at least, the use of OAuth necessitates the use of server-side code for the creation of the access tokens. For more information, see the OAuth API reference.