← Back to Docs

Authentication

All smartObjx API calls require two HTTP headers for authentication. No OAuth, no bearer tokens — just two API keys on every request.

Required Headers

HeaderPurpose
Ocp-Apim-Subscription-Key Identifies the subscriber (account owner). A subscriber may have multiple data owners within the account. This key stays the same across all API calls for your account.
Ocp-Apim-POV-Key Identifies the data owner / Point of View (POV). Controls which data you see and can modify. Different POV keys show different data — this is how smartObjx enforces multi-tenant isolation.

Data Owner Hierarchy

smartObjx organizes data owners in a three-level hierarchy:

Subscriber (account root)
  └── Client (publisher's customer)
        └── Customer (client's customer)

Each level has its own POV key. The system uses this hierarchy to determine which rules, settings, and structures apply — enabling overrides and versioning at each level.

How the hierarchy works

  • Subscriber — the top-level account owner (SaaS publisher). Sees all data across all clients and customers.
  • Client — a direct customer of the publisher. Can have their own rules, settings, and structures that override or extend the publisher's defaults.
  • Customer — a customer of the client. Can have further overrides specific to their needs.

This hierarchy enables scenarios like: a SaaS publisher defines default business rules, a client overrides pricing rules for their market, and a customer gets further customization for their specific operations.

Example: cURL

curl -X GET "https://api.dev.smartobjx.com/settings-demo/application" \
  -H "Ocp-Apim-Subscription-Key: fd8efd80-f215-4c73-95f2-23841e98acbd" \
  -H "Ocp-Apim-POV-Key: 45ef2936-160e-47dc-bd17-3dc0060acec9"

Example: JavaScript fetch

const headers = {
  'Content-Type': 'application/json',
  'Ocp-Apim-Subscription-Key': 'your-subscription-key',
  'Ocp-Apim-POV-Key': 'your-pov-key'
};

const response = await fetch('https://your-api-base-url/usecases', {
  method: 'GET',
  headers
});
const data = await response.json();

Example: C# HttpClient

var client = new HttpClient();
client.BaseAddress = new Uri("https://your-api-base-url");
client.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", "your-subscription-key");
client.DefaultRequestHeaders.Add("Ocp-Apim-POV-Key", "your-pov-key");

var response = await client.GetAsync("/usecases");
var json = await response.Content.ReadAsStringAsync();

Example: C# with smartConnectors SDK

var config = new ApiConfiguration();
config.BasePath = "https://your-api-base-url";
config.ApiKey.Add("Ocp-Apim-Subscription-Key", "your-subscription-key");
config.ApiKey.Add("Ocp-Apim-POV-Key", "your-pov-key");

var rulesApi = new RulesApi(config);
// All subsequent calls use these credentials automatically

Sandbox Credentials

Use these shared demo tokens to explore the APIs without signing up:

TokenValue
Subscription Keyfd8efd80-f215-4c73-95f2-23841e98acbd
SaaS Publisher POV45ef2936-160e-47dc-bd17-3dc0060acec9
Client POV25ef2936-160e-47dc-bd17-3dc0060acec9
Customer POV05ef2936-160e-47dc-bd17-3dc0060acec9

Try different POV keys to see how the same API returns different data for different levels of the hierarchy.