Requests use the HTTP
Authorization header to both authenticate and authorize operations. The Tape API accepts bearer tokens in this header. Each Tape user has an user API key associated with it that acts as a bearer token to authentciate with the API.
Where does one find the user API key?
The user API key can be found inside the user settings after logging into Tape. Click the user avatar on the top right, and navigate to "Preferences". After opening the user preferences you will find the API key inside the "API" section (accessible via the left navigation bar). Here, you can copy the key and also rotate the key should you want a new one. Note that the existing one will not work anymore after rotating to a new key.
Additional notes and limitations
Note that your API key carries the same privileges as your user account, so be sure to keep it secret! However, if your API key gets leaked, you can always deactivate it and generate a new one inside your user settings.
User API key implications and limitations
It is also notable that as each API key belongs to a user, all changes made using that API key will show the respective user as author, e.g. inside the record's activity stream. This also leads to the fact that you will not receive notifications, if you follow a record and make a change using your own API key. A workaround is to have a dedicated user, e.g. called "API User" that will then act as a host to yield the key that will then be utilized.
Here's an example of how to correctly set the
curl https://api.tapeapp.com/v1/record/1 \
-H "Authorization: Bearer user_key_replace_with_your_api_key"
GET /v1/record/1 HTTP/1.1
Authorization: Bearer user_key_replace_with_your_api_key
Authentication via OAuth
In the future, Tape plans to support authentication flows via OAuth. For now, the user API key is the only way of authentication.
Tape returns comprehensive error messages for authentication failures:
"error_message": "Invalid user API key for accessing endpoint '/v1/record/1' (key has to start with 'user_key_')"
"error_message": "Invalid user API key for accessing endpoint '/v1/record/1' (signature check not passed, key is malformed)"
"error_message": "Missing authentication for Dev-API endpoint: '/v1/record/1' (no user API key provided)"