PrizmDoc Viewer v13.11 Release - Updated
Authenticating Requests
API Reference > Cloud Authentication > Authenticating Requests

Introduction

When using PrizmDoc Cloud, you must authenticate all HTTP requests. You can do this in one of two different ways:

Using Your API Key

Include an acs-api-key header with your API key as the value.

Example

POST https://api.accusoft.com/PCCIS/V1/ViewingSession acs-api-key: <your key here>
Content-Type: application/json
{
    "render": {
        "html5": {
            "alwaysUseRaster": false
        }
    }
}

To obtain an API key, visit https://www.accusoft.com/portal/.

Using OAuth

To facilitate granular access to PrizmDoc Cloud account data, especially document storage, another level of authorization must be implemented to further identify requests. The OAuth 2.0 specification allows for this type of authorization. Using OAuth, PrizmDoc Cloud can not only authorize a request via the PrizmDoc Cloud API key, but also by custom user information provided by clients. Ultimately, this will allow for the creation of rules by PrizmDoc Cloud customers to limit access to various resources.

OAuth Authorization Method

Per the OAuth spec, PrizmDoc Cloud implements the client credentials grant method. This relies on authentication through the PrizmDoc Cloud API key. See: https://www.rfc-editor.org/rfc/rfc6749.html#section-4.4. By default, the expire time for the access token is set to one day. Initially at least, the use of OAuth necessitates the use of server-side code for the creation of the access tokens. For more information, see the OAuth API reference.