Authentication
Authentication#
API Headers#
In order to authenticate any API request, the following headers must be sent:
* X-Auth-Token
: Your Authentication Token provided by Kazoo. It can be acquired using the user_auth Crossbar API.
* X-Kazoo-Cluster-ID
: Your Kazoo Cluster ID. This is used to identify your MVNO.
Alternatively, it is possible to send those headers via query string parameters, respectively auth_token
and kazoo_cluster_id
.
Authentication Levels#
Tower of Power APIs can have various Authentication Levels, which are specified in every API documentation. Below is the description of these levels. Note that in addition to the descriptions below, whenever the API URL includes an Account ID, the authentication process verifies that the Auth Token has access rights to that Account.
basic
: Verifies that the Auth Token is valid.reseller
: Verifies that the Auth Token belongs to a Reseller Account.parent_of
: Verifies that the Auth Token belongs to a parent Account of the target Account (account_id in the URL).reseller_of
: Verifies that the Auth Token belongs to the Reseller of the target Account (account_id in the URL).master
: Verifies that the Auth Token belongs to the Master Account of that Cluster.super_master
: Verifies that the Auth Token belongs to the Master Account of the Master Cluster (the Master Cluser being 2600Hz's Production Cluster).