This API security model is deprecated. Please use the Oauth based security instead.

Note: Make sure you have read the Getting Started section

TLS 1.2

PaperCut expects all API traffic to take place over TLS 1.2 and above.

Using the API Key

The PaperCut cloud-native Add-on Platform (AOP) will verify every API call you make using a bearer token. More information on bearer tokens here.

Once you have been accepted into the AOP programme PaperCut Software will provide you with an API key.

• Use this key with every API call you make to the AOP.

• Send the API key in the https authorization header as a “bearer token”. For example:

  {"Authorization": "Bearer " + apiKeySuppliedByPaperCut},
  

  Note: the exact way you specify HTTP headers will vary depending on the technology you are using. Please consult your library documentation. For example in Python 3 (using the Requests package) you can do something like this

  resp = post(f"{apiRoot}/{org}/addons.verify-options-token/{apiVersion}",
       headers={
               "Authorization": f"Bearer {apiKey}",
               "Content-type":"application/json",
               "Accept": "application/json"},
       json={"token": token })
  

  In the above example apiKey and token refer to two different pieces of information. For more information refer to the details in the API reference

NOTES:

• The API key must be kept secure. For example you cannot distribute the API key in a plugin, desktop application or single page web application.

• Every add on solution you develop will be issued with a different API key. You must use the correct key for each solution you publish

• If your API key is compromised you can ask PaperCut to issue you with a new one at integration-dev-support@papercut.com

• If your API key is invalid the response payload is {"ok":false,"error":"invalid_auth"}