AppID and AppKey

The AppID and the AppKey are used to identify the application which invokes the REST API.

These values are included in the two items below:

Access URL

Many REST APIs include the AppID in the access URL.

For example, you will use an access URL as below to create a user.

https://api-jp.kii.com/api/apps/{APP_ID}/users

Replace {APP_ID} with the AppID of your application in the above example.

HTTP Headers

Kii Cloud identifies applications based on the below HTTP headers.

Note that the X-Kii-AppID/X-Kii-AppKey headers are available for backward compatibility in identifying applications. Basically, use the Authorization headers.

Authorization Headers

Access Token (Authorization: Bearer)

Many API requests are sent with the access token embedded in the Autorization Bearer header as described in Access Token and "me" Literal.

Kii Cloud identifies an application based on the embedded access token.

Basic Authentication (Authorization: Basic)

Several API requests such as those with the login API do not require any access token.

Use Basic authentication in such API requests. Specifically, embed AppID as username and AppKey as password in the Authorization: Basic header in the request. See Execution with Basic Authentication for more information.

Kii Cloud identifies an application based on the embedded credentials.

X-Kii-AppID/X-Kii-AppKey Headers

You can directly embed AppID to the X-Kii-AppID header and AppKey to the X-Kii-AppKey header in API requests in API requests which do not require any access token instead of using Basic authentication.

Kii Cloud identifies an application based on the embedded AppID and AppKey.

You can ensure security by appropriate access control even if you embed AppID and AppKey in the mobile app. See Security for more information.