New Authentication Flow!

We've made two major updates to our authentication flow - please see below!

1. Removal of API Keys

From now onwards, you will no longer need to manage two sets of API Keys & API Credentials to authenticate to our APIs. Instead, you will only need to manage a set of API Credentials.

All API calls now have the field x-api-key as optional, and only API Credentials are necessary to authenticate moving forward.

2. Updated Auth Endpoint

We have released a new auth endpoint (/oauth/token) that adheres to the standard OAuth2 spec. With this update, you can now use off the shelf OAuth2 clients for your integrations! Some examples below:

• Node.js: simple-oauth2
• Go: golang.org/x/oauth2
• Python: oauthlib
• Java: spring-security-oauth

Lastly, in order to use the new endpoint, you must create a new set of API Credentials through the Orum Portal.

IMP: All credentials created through the Orum Portal from this point forward can only be used with the new /oauth/token endpoint.

Previous Endpoint & Credential Deprecation Plan

We will continue to support the deprecated /authenticate and /refresh endpoints along with all previously created API Credentials. However, the functionality to rotate any existing credentials will be removed from the Orum Portal. If you must rotate any existing credentials, please reach out to Orum Support.

We will urge all existing customers to migrate to the new endpoint by January 15, 2025, and will support the deprecated endpoints and credentials until then.