Authentication
The eAgenda API supports two authentication methods: Basic Auth and Cookie Auth. This guide explains how to set up and use each one securely.
Basic Auth (recommended for integrations)
HTTP Basic authentication is the recommended method for server-to-server integrations.
How it works
Each request must include the Authorization header with your Base64-encoded credentials:
Authorization: Basic base64(username:password)Practical example
# Encode credentials in Base64
echo -n "my@email.com:my_password" | base64
# Result: bXlAZW1haWwuY29tOm15X3Bhc3N3b3Jk
# Make the request
curl -X GET https://eagenda.com.br/api/v3/accounts/ \
-H "Authorization: Basic bXlAZW1haWwuY29tOm15X3Bhc3N3b3Jk"Most HTTP libraries handle the encoding automatically:
Python:
import requests
response = requests.get(
"https://eagenda.com.br/api/v3/accounts/",
auth=("my@email.com", "my_password")
)
print(response.json())JavaScript (Node.js):
const response = await fetch("https://eagenda.com.br/api/v3/accounts/", {
headers: {
"Authorization": "Basic " + btoa("my@email.com:my_password")
}
});
const data = await response.json();PHP:
$ch = curl_init("https://eagenda.com.br/api/v3/accounts/");
curl_setopt($ch, CURLOPT_USERPWD, "my@email.com:my_password");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
$data = json_decode($response, true);C# (.NET):
using var client = new HttpClient();
var credentials = Convert.ToBase64String(
System.Text.Encoding.UTF8.GetBytes("my@email.com:my_password")
);
client.DefaultRequestHeaders.Authorization =
new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", credentials);
var response = await client.GetAsync("https://eagenda.com.br/api/v3/accounts/");
var json = await response.Content.ReadAsStringAsync();Authentication error responses
| Code | Meaning | Action |
|---|---|---|
401 Unauthorized | Invalid or missing credentials | Check your username and password |
403 Forbidden | No permission for the resource | Check account permissions |
Example 401 error
{
"detail": "Authentication credentials were not provided."
}Security best practices
- Never expose credentials in the frontend — Use the API only in server-side (backend) code
- Use environment variables — Store credentials in environment variables, never hardcoded
- HTTPS required — All requests must use HTTPS
- Rotate credentials — Change your credentials periodically
- Principle of least privilege — Use accounts with only the necessary permissions
Example with environment variables
import os
import requests
response = requests.get(
"https://eagenda.com.br/api/v3/accounts/",
auth=(os.environ["EAGENDA_USER"], os.environ["EAGENDA_PASSWORD"])
)# .env (never commit this file!)
EAGENDA_USER=my@email.com
EAGENDA_PASSWORD=my_secure_password