Authenticating with our API

To authenticate to our API, you will need to generate API Keys in the Developers section of your Sargon account. Depending on the type of application you create, this will generate a Client ID and, for backend applications, also a Client Secret. You can create multiple sets of credentials to represent your client applications, e.g. Web, Mobile, Backend.

Once you have the credentials there are several ways to authenticate:

  • Unauthenticated Access: Some endpoints may be accessed without first verifying the user's identity. An example is Create Member, which is used for onboarding new members. For these endpoints, you identify your fund by sending your application's Client ID in the X-Api-Key request header.
  • User Access: User authentication is for requests representing a user, for example a fund member, and requires valid user credentials. The user credentials are exchanged for an OAuth 2 token with appropriate scopes, which is used for all subsequent requests to the API for this session.
  • Integration Access: Integration authentication is for fund-level system-to-system API usage. Integration-level access tokens can only be requested using a backend application and the client_credentials OAuth flow.

Your API keys provide access to sensitive information, so be sure to keep them secure. DO NOT share any client secrets in publicly accessible areas such as GitHub, client-side code, and so forth.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Authorization Scopes

The Sargon API can be used in a broad variety of use cases and caters for different types of access and credentials. The API uses OAuth authorisation scopes to ensure secure access for the appropriate user and integration.

Available scopes:

  • https://api.sargon.com/member: Provides 'member level' information and is typically used for member-facing online experiences. For security, the API scope is restricted to accessing an individual member.
  • https://api.sargon.com/integration: Provides 'fund level' information and facilitates flexible integrations to analytics and operational software. Can only be requested using a backend client and the Client Credentials grant.

Node.js API Client Library

To get started easily, you may want to use the Sargon Node.js API client library:

npm install @sargon/api-client

Please read through the examples in our Developer Code Samples page in your account for more information.

Hitting our endpoints directly

Alternatively, you can hit the endpoints directly on api.sargon.com.

To authenticate, you will need to use your API Keys and make a request for a token from the Authorization (OAuth) server we've configured for your fund.

Then use the token for HTTP Bearer token authorization, i.e. add the following request header:

Authorization: Bearer <token>

We recommend using tools such as Postman or cURL to test the endpoints.
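The token request and Bearer header described above, as an added example (not Sargon's client library or code from this page). The token URL is a placeholder, and the SARGON_* environment variable names and the use of HTTP Basic client authentication are assumptions; use the authorization server details configured for your fund.

```javascript
// Added example, not Sargon's client library. Placeholder URL and env names are assumptions.
const TOKEN_URL = process.env.SARGON_TOKEN_URL || "https://auth.example.invalid/oauth2/token";
const INTEGRATION_SCOPE = "https://api.sargon.com/integration"; // scope listed on this page

// Refuse plain HTTP so the client secret and tokens are never sent in clear text.
function requireHttps(url) {
  const parsed = new URL(url);
  if (parsed.protocol !== "https:") throw new Error(`refusing non-HTTPS URL: ${parsed.origin}`);
  return parsed.toString();
}

// Build an OAuth 2 client_credentials token request (RFC 6749, section 4.4).
// Assumption: the authorization server accepts HTTP Basic client authentication.
function buildTokenRequest(tokenUrl, clientId, clientSecret, scope = INTEGRATION_SCOPE) {
  if (!clientId || !clientSecret) throw new Error("client ID and client secret are required");
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  return {
    url: requireHttps(tokenUrl),
    options: {
      method: "POST",
      headers: {
        Authorization: `Basic ${basic}`,
        "Content-Type": "application/x-www-form-urlencoded",
      },
      body: new URLSearchParams({ grant_type: "client_credentials", scope }).toString(),
    },
  };
}

// Header for authenticated calls; rejects whitespace/control characters (header injection).
function bearerHeaders(token) {
  if (typeof token !== "string" || !/^[\x21-\x7e]+$/.test(token)) throw new Error("invalid token");
  return { Authorization: `Bearer ${token}` };
}

// Backend only: the secret comes from the environment, never from source or client-side code.
async function getIntegrationToken() {
  const { SARGON_CLIENT_ID: id, SARGON_CLIENT_SECRET: secret } = process.env;
  const { url, options } = buildTokenRequest(TOKEN_URL, id, secret);
  const res = await fetch(url, options);
  if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
  const { access_token: token } = await res.json();
  return bearerHeaders(token);
}
```

Pass the object returned by getIntegrationToken() as the headers of each subsequent request to api.sargon.com.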

Copyright © Sargon 2018  
