To authenticate with the sipgate REST API, you can use personal access tokens. Long-term, these will replace the basic auth procedure. So if you are just getting started with sipgate.io, personal access tokens are the way to go.
They use a unique combination of token id and token instead of the usual username and password combination for authentication (basic auth).
Compared to basic auth, personal access tokens are more secure:
- Finer control through scopes lets you manage authorizations
- Scopes let you limit access to certain areas of the account for certain tokens
- You can easily delete compromised tokens
- No need to send username and password over the network
- If you enabled 2-factor authentication, this also protects generating tokens
Note: You can create, manage and delete your personal access tokens in your account.
Note: When assigning scopes (authorizations), make sure that you only assign the scopes that are required for your application. Granting unnecessary access represents a security risk.
Examples of how you can use a personal access token to authenticate with the API can be found in our documentation.