{"_id":"563a2dbc1846790d00895311","category":{"_id":"563a2dbb1846790d0089530a","__v":3,"pages":["563a2dbc1846790d0089530f","563a2dbc1846790d00895310","563a2dbc1846790d00895311","563a2dbc1846790d00895312","563a2dbc1846790d00895313","563a2dbc1846790d00895314","563a2dbc1846790d00895315","563a2dbc1846790d00895316","563a2dbc1846790d00895317","566232310299ea0d008f2cf2","56623a2d0299ea0d008f2cf6"],"project":"54d4ecb5f6c48a0d00f0f041","version":"563a2dba1846790d00895309","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-02-06T16:32:54.503Z","from_sync":false,"order":2,"slug":"documentation","title":"Documentation"},"project":"54d4ecb5f6c48a0d00f0f041","user":"54d4ec36f6c48a0d00f0f040","__v":1,"version":{"_id":"563a2dba1846790d00895309","__v":3,"project":"54d4ecb5f6c48a0d00f0f041","createdAt":"2015-11-04T16:09:30.844Z","releaseDate":"2015-11-04T16:09:30.844Z","categories":["563a2dbb1846790d0089530a","563a2dbb1846790d0089530b","563a2dbb1846790d0089530c","56620e60f183880d004d3217","5702e5b8f2d6f336005e9025"],"is_deprecated":false,"is_hidden":false,"is_beta":true,"is_stable":true,"codename":"No Mashape","version_clean":"1.1.0","version":"1.1"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-06-24T13:07:31.298Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":2,"body":"Instacount uses API Keys to govern access to your counter data.  \n\nIn general, you'll want to use API Keys when you want your app to access your own counter data.  If you want  your app to access *other people's* counter data, then OAuth is preferred.  At present, Instacount does not support OAuth access, but it is on our roadmap.\n\nFor now, this section provides more details about how to access Instacount in a secure manner using Application Identifiers and Application API Keys.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Application Identifiers\"\n}\n[/block]\nA single API call must be made against an Instacount Application, which allows you to create isolated counter data for various use-cases.  For example, you might create an Application called \"Production\" and another one called \"Testing\", each of which would be segmented from the other.\n\nIn order to make a call to Instacount, you must specify the Instacount Application Id in the call.  You do this using a header called **X-Instacount-Application-Id**.  \n\nHere's an example:\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"Instacount Application Id Example\",\n  \"body\": \"X-Instacount-Application-Id: Zsn150bMQ6WCPTyk560pIw\"\n}\n[/block]\n_Note that application identifiers are case-sensitive, and will contain US-ASCII alpha-numeric characters_.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"API Keys\"\n}\n[/block]\nIn addition to a unique application identifier, each Instacount Application has two available access keys, a **read-only** key and a **read-write** key.  Either key may be used to provide access to counter data.  Like above, you specify an API Key using a header called **X-Instacount-API-Key**.  \n\nHere's an example:\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"Instacount Application Key Example\",\n  \"body\": \"X-Instacount-API-Key: 75qg23o3go9j95dbj3f2uj0iuitlbrqnm560te5pbp62t2mjmr2\"\n}\n[/block]\n_Note that API Keys will always contain lower-case US-ASCII alpha-numeric characters_.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Read-Only Application Key\"\n}\n[/block]\nEach Instacount application has a key that will provide clients with **read-only** access.  This key is intended to be used in publicly accessible places, such as in a Javascript web app that is displaying counter information directly from Instacount.\n\nWhile these keys *may* be shared publicly, note that calls using this type of key will affect your monthly quota, so use caution when exposing any type of key publicly.\n\nIt is recommended instead to have Javascript or mobile clients make authenticated calls to your own server, and then utilize your backend to make private calls to Instacount.  In this way, you will have full control over per-user throttling as well as customized access controls provided by your environment.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Read-Write Application Key\"\n}\n[/block]\nEach Instacount application also has a key that will provide clients with **read-write** access.  An example usage of this key is a server-side application that can increment and decrement counter information on behalf of your application.  Be sure to keep any read-write application Keys private as clients with this key can update any counter in your Application.\n[block:callout]\n{\n  \"type\": \"danger\",\n  \"title\": \"Keep Read-Write Keys Private!\",\n  \"body\": \"Be careful with any **read-write** application key and don't expose it publicly -- clients with this key can update any counter in a given named application.\"\n}\n[/block]","excerpt":"Use Application identifiers and API keys to access your counter data","slug":"instacount-credentials","type":"basic","title":"Credentials"}

Credentials

Use Application identifiers and API keys to access your counter data

Instacount uses API Keys to govern access to your counter data. In general, you'll want to use API Keys when you want your app to access your own counter data. If you want your app to access *other people's* counter data, then OAuth is preferred. At present, Instacount does not support OAuth access, but it is on our roadmap. For now, this section provides more details about how to access Instacount in a secure manner using Application Identifiers and Application API Keys. [block:api-header] { "type": "basic", "title": "Application Identifiers" } [/block] A single API call must be made against an Instacount Application, which allows you to create isolated counter data for various use-cases. For example, you might create an Application called "Production" and another one called "Testing", each of which would be segmented from the other. In order to make a call to Instacount, you must specify the Instacount Application Id in the call. You do this using a header called **X-Instacount-Application-Id**. Here's an example: [block:callout] { "type": "info", "title": "Instacount Application Id Example", "body": "X-Instacount-Application-Id: Zsn150bMQ6WCPTyk560pIw" } [/block] _Note that application identifiers are case-sensitive, and will contain US-ASCII alpha-numeric characters_. [block:api-header] { "type": "basic", "title": "API Keys" } [/block] In addition to a unique application identifier, each Instacount Application has two available access keys, a **read-only** key and a **read-write** key. Either key may be used to provide access to counter data. Like above, you specify an API Key using a header called **X-Instacount-API-Key**. Here's an example: [block:callout] { "type": "info", "title": "Instacount Application Key Example", "body": "X-Instacount-API-Key: 75qg23o3go9j95dbj3f2uj0iuitlbrqnm560te5pbp62t2mjmr2" } [/block] _Note that API Keys will always contain lower-case US-ASCII alpha-numeric characters_. [block:api-header] { "type": "basic", "title": "Read-Only Application Key" } [/block] Each Instacount application has a key that will provide clients with **read-only** access. This key is intended to be used in publicly accessible places, such as in a Javascript web app that is displaying counter information directly from Instacount. While these keys *may* be shared publicly, note that calls using this type of key will affect your monthly quota, so use caution when exposing any type of key publicly. It is recommended instead to have Javascript or mobile clients make authenticated calls to your own server, and then utilize your backend to make private calls to Instacount. In this way, you will have full control over per-user throttling as well as customized access controls provided by your environment. [block:api-header] { "type": "basic", "title": "Read-Write Application Key" } [/block] Each Instacount application also has a key that will provide clients with **read-write** access. An example usage of this key is a server-side application that can increment and decrement counter information on behalf of your application. Be sure to keep any read-write application Keys private as clients with this key can update any counter in your Application. [block:callout] { "type": "danger", "title": "Keep Read-Write Keys Private!", "body": "Be careful with any **read-write** application key and don't expose it publicly -- clients with this key can update any counter in a given named application." } [/block]