All RocketKOR API operations are performed over HTTPS. RocketKOR uses Bearer Authentication to authenticate requests. All API calls are performed by a Service Account and must include an Authorization header with your RocketKOR access token as a Bearer Token.

To obtain an access token, first request an API key. Your API key is associated with a RocketKOR Service Account. Once you receive your API key, invoke the POST /v1/api-keys/exchange endpoint to exchange your API key and secret for an access token. You must pass your API key and API secret as a Basic Authorization header (Base64-encoded). For example:

Authorization: Basic encodedString

where encodedString is your <api-key>:<api-secret> string encoded using Base64 encoding.

If the request is successful, the following fields will be returned:

  • access_token  Access token.
  • expires_in  Access token expiry time (in seconds).