Authentication API documentation
In this section, we're going to focus on the basics of two ConvertApi authentication methods.
To authenticate to v2.convertapi.com there are two options:
- Secret - Can be used to authenticate requests from the code that is not accessible for the user (server side software like PHP). Secret can be found in Control Panel.
Token request accepts URL query parameters.
- Secret - your secret.
- RequestCount - restrict how many requests can be made using single token (default is 1).
- Lifetime - restrict how many seconds token is valid (default is 1h).
- Count - how many tokens will be received by this request (default is 1).
Token generation algorithm steps:
Create token string: "tokenUuid|expireTimeStamp|userIp|requestCount".
- tokenUuid - random 8 bytes alphanumeric string.
- expireTimeStamp - token expiration time in Unix time stamp format.
- userIp - IP address that can use this token (can be blank if token not restricted).
- requestCount - request count that can be made using this token.
- Encrypt token string with AES encryption algorithm using your secret as encryption key, initialization vector (IV) should be "//convertapi.com".
- Encode encrypted string with Base64 algorithm.
Self generated token must be used together with ApiKey parameter. ApiKey can be found in Control Panel.
HTTP Response Codes
200Internal codes provided in response body:
- 2000 - Token created successfully.
- 2001 - Token canceled successfully.
404Internal codes provided in response body:
- 4040 - Invalid user credentials - bad secret.
- 4041 - Invalid user credentials - bad token.
- 4042 - Invalid user credentials - bad self generated token.
- 4043 - User credentials not set, secret or token must be passed.
- 4044 - The conversion seconds balance reached zero and no more conversions can be done. Please order more seconds and resume service.
- 4045 - User inactive.