API authentication

Every API call must be supplemented with proper authentication data in order to determine on which user account the action must be performed. The following authentication methods are currently supported by our API:

API keys

API keys are used to authenticate your Web application and give you enhanced security, alowing you to define which API functions can be called with a specified function, quickly disable and revoke keys and modify their permissions as needed.

An API key is a set of two values: public and secret. In order to authenticate your API request, you need to send them as login and password using basic HTTP authentication. An example of doing this in PHP is as follows:

curl_setopt($curl, CURLOPT_USERPWD, $public.":".$secret);

If you are using a different programming language, follow the appropriate conventions to send the Authorization: header with all your HTTP requests to the API.

Email and password in the parameters (deprecated)

This authentication methods is deprecated and retained only to support old applications written for previous API versions. Do not use this method when writing new appplications.

With this method, two additional parameters are sent with every data request:

  • email - user email (login in the AfterMarket.pl system).
  • password - user password (in the AfterMarket.pl system).

This information needs to be sent along with other function call parameters, like in the example below:

$.ajax(
    url: "https://json.aftermarket.pl/category/list",
    data: {
        email: USER_EMAIL,
        password: USER_PASSWORD,
        start: 0,
        size: 10,
        all: false
    }
);