Calls to the TUNE API require either a session_token or an api_key query string parameter to be passed with each request.
- api_key – API Keys are generated on a per-user basis, are permanent, and calls using an API Key are only allowed from devices with known IP addresses.
- session_token – Session tokens are meant for browsers on a per-user basis and time out after a certain time period.
User Permissions with API Key
Since API Keys are on a per-user basis, they inherit the user’s permissions because user permissions (ACLs) are enforced server-side in the TUNE API. Thus, the API Key should be associated with the user with the permissions you want applied.
Before using the TUNE API, you will need to request an API Key by emailing firstname.lastname@example.org.