Proxy and API Keys
Otto provides a proxy over the FileMaker Server Data API, FileMaker Server Admin API, and the Otto Developer API. The primary purpose of the proxy is to allow the use of API Keys to authenticate to the FileMaker Server Data API and FileMaker Server Admin API.
Types of keys
There are two types of keys. Data API Keys work with the FileMaker Server Data API. Admin API Keys work with the FileMaker Server Admin API and the Otto Developer API. Or in otherwords: Sata API Keys work with data in the FileMaker Files and admin API Keys work with the Server itself
Api Keys are also used when Receiving Webhooks.
API Keys should be treated as secrets as they are essentially stand-ins for the user name and password that are normally used to access these APIs. If you think your API Key has been compromised, you should immediately delete it and generate a new one. You can delete APIKeys through the Otto Admin Web Console, or via the APIs.
Enabling the Data API Proxy
The data api proxy requires that the Data API be turned on and it also must be enabled. See -> The Admin API Proxy and the Otto API are always on.
Using the API keys
Use port 3030
Use Otto's Port to access the URLs that the data API provides. By default that port is 3030. For example, notice the '3030' in the second line below. Everything else is the same.
The same pattern holds for the Admin API.
Authenticate with the API Key
You can use the ApiKey in the following ways to authenticate your request.
Bearer Token Header
Authorization: Bearer <api-key>
When using basic auth the part before the ":" is "apiKey" and the part after is your API key that you got from the Otto server.
add apiKey=[your-api-key] to the url.
POST https://<otto-server-url>:3030/receiver/:db/:channel?apiKey= <your-api-key>