Authentication
Daakey uses different authentication methods for each API.
Client API
The Client API uses two authentication layers:
1. Bearer Token (Sanctum)
After login, include the token in all requests:
Authorization: Bearer {token}
2. Agency Signature
All Client API requests require an agency signature:
X-Agency-Signature: {base64_payload}.{hmac_hash}
See Agency Signature for details.
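A server-side check of both Client API layers, as an added example that is not Daakey's own code. The page gives only the header shape `{base64_payload}.{hmac_hash}`; HMAC-SHA256 with a hex digest, a JSON payload, computing the MAC over the base64 string, and all function and field names here are assumptions. The Agency Signature page defines the real scheme.

```python
import base64, hashlib, hmac, json

# Constructed demo secret; a real agency secret is issued by the provider.
DEMO_SECRET = b"constructed-demo-secret"

def sign(payload: dict, secret: bytes) -> str:
    """Build a header value shaped {base64_payload}.{hmac_hash}."""
    body = base64.b64encode(json.dumps(payload, separators=(",", ":")).encode())
    tag = hmac.new(secret, body, hashlib.sha256).hexdigest()  # assumed: SHA-256, hex
    return f"{body.decode()}.{tag}"

def verify(header: str, secret: bytes):
    """Return the decoded payload, or None if the value is malformed or forged."""
    body, sep, tag = header.rpartition(".")
    if not sep or not body or not tag:
        return None
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time compare; the payload is decoded only after the MAC checks out.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    try:
        return json.loads(base64.b64decode(body, validate=True))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None

def check_client_request(headers: dict, secret: bytes, valid_tokens: set):
    """Both layers must pass: bearer token first, then agency signature.

    valid_tokens is a stand-in for the server's Sanctum token lookup.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token not in valid_tokens:
        return None
    return verify(headers.get("X-Agency-Signature", ""), secret)
```

A request that carries a valid bearer token but a missing or altered `X-Agency-Signature` is rejected, which is the property the two-layer design depends on.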
Dashboard API
The Dashboard API uses Bearer tokens only:
Authorization: Bearer {token}
Tokens are obtained via the Login endpoint.
Token Lifecycle
Client API Tokens
- Issued after successful login/registration
- Valid until explicitly revoked (logout)
- Include with every authenticated request
Dashboard API Tokens
- Issued after successful login
- Valid until explicitly revoked (logout)
- Include with every authenticated request
Required Headers
All Requests
```http
Accept: application/json
Content-Type: application/json
```
Client API (Authenticated)
```http
Accept: application/json
Content-Type: application/json
Authorization: Bearer {token}
X-Agency-Signature: {signature}
```
Dashboard API (Authenticated)
```http
Accept: application/json
Content-Type: application/json
Authorization: Bearer {token}
```