API Authentication Types

Accela API requires apps to authenticate based on the API resource’s authentication type, which is one of the following:

Request Authentication Type	Required Request HTTP Headers	Description
Access token	Authorization	Requires an API access token. This authentication type applies to Accela API endpoints that access and operate on Civic user data. Access tokens are obtained either through the Accela SDKs or directly from the Accela Auth server (See Logging in the Authentication Server). For testing purposes, a test API token can be obtained from the Get Api Test Token page.
App credentials	x-accela-appid x-accela-appsecret	Requires HTTP request headers containing the application credentials. This authentication type applies to Accela API endpoints that access app settings. Application credentials (ID and appsecret) are obtained when the app is registered on the Accela Developer Portal. A logged in developer can view the app credentials on the Accela Developer Portal’s My Apps page.
No authorization required	x-accela-appid x-accela-agency x-accela-environment	Requires HTTP request headers containing the appid, agency, and environment. This authentication type applies to Accela API endpoints that allow an app to access public data as an anonymous user. Note the following: Only citizen apps support this authentication type. The access token is optional for this authentication type. If an access token is provided, the x-accela-appid, x-accela-agency, and x-accela-environment request headers are not required. If an access token is not provided, the HTTP request headers are required. This authentication type supports the permissions that have been defined for the anonymous user and the logged in user in Civic Platform. For example, an anonymous user can get an authentication failure when using an API resource attempting to access restricted data which require an access token.

Request Authentication Type

Required Request HTTP Headers

Description

Access token

Authorization

Requires an API access token. This authentication type applies to Accela API endpoints that access and operate on Civic user data.

Access tokens are obtained either through the Accela SDKs or directly from the Accela Auth server (See Logging in the Authentication Server). For testing purposes, a test API token can be obtained from the Get Api Test Token page.

App credentials

x-accela-appid

x-accela-appsecret

Requires HTTP request headers containing the application credentials. This authentication type applies to Accela API endpoints that access app settings.

Application credentials (ID and appsecret) are obtained when the app is registered on the Accela Developer Portal. A logged in developer can view the app credentials on the Accela Developer Portal’s My Apps page.

No authorization required

x-accela-appid

x-accela-agency

x-accela-environment

Requires HTTP request headers containing the appid, agency, and environment. This authentication type applies to Accela API endpoints that allow an app to access public data as an anonymous user.

Note the following:

Only citizen apps support this authentication type.
The access token is optional for this authentication type. If an access token is provided, the x-accela-appid, x-accela-agency, and x-accela-environment request headers are not required. If an access token is not provided, the HTTP request headers are required.
This authentication type supports the permissions that have been defined for the anonymous user and the logged in user in Civic Platform. For example, an anonymous user can get an authentication failure when using an API resource attempting to access restricted data which require an access token.

The Construct API Reference documentation shows the authentication type required by each Accela Accela API endpoint.