Authentication and Authorization

Coolr APIs support two methods of authentication:

  1. Cookie
  2. Basic Authentication

In the Cookie approach, you obtain login cookies by making a call to Coolr's Login controller. These cookies must then be passed in subsequent calls, without passing any other login credentials. These cookies have a long expiry.

When using Cookie-based authentication, you have to make an additional initial call to the Login controller to get the cookies.

Because of this additional call, most of our users have chosen to use Basic Authentication.

Basic Authentication

In this approach, you pass the credentials in each request header.
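A client-side sketch of this approach, added here as an example and not Coolr's own code: it builds the standard Basic header (RFC 7617), refuses to send it over anything but https because Base64 is only an encoding, and masks the value before logging. The host api.example.invalid and the COOLR_API_USER / COOLR_API_PASSWORD variable names are placeholders assumed for illustration.

```python
import base64
import os
from urllib.parse import urlsplit
from urllib.request import Request


def basic_auth_header(username: str, password: str) -> str:
    """Return the Authorization header value in the RFC 7617 format."""
    if not username or not password:
        raise ValueError("username and password are required")
    if ":" in username:
        # The first colon separates user-id from password, so a colon in
        # the user-id would shift part of it into the password.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def build_request(url: str, username: str, password: str) -> Request:
    """Build a request that carries the credentials in its header."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        # Base64 is an encoding, not encryption: without TLS the header
        # is readable by anyone on the network path.
        raise ValueError("Basic credentials must only be sent over https")
    if parts.username or parts.password:
        # Credentials inside the URL leak into logs and proxies.
        raise ValueError("pass credentials in the header, not in the URL")
    req = Request(url)
    # Unredirected header: urllib does not copy it onto a redirected request.
    req.add_unredirected_header(
        "Authorization", basic_auth_header(username, password))
    return req


def redact(headers: dict) -> dict:
    """Copy headers for logging with the Authorization value masked."""
    return {name: "Basic <redacted>" if name.lower() == "authorization"
            else value for name, value in headers.items()}


if __name__ == "__main__":
    # Hypothetical variable names; the fallbacks are constructed samples.
    user = os.environ.get("COOLR_API_USER", "sample-user")
    secret = os.environ.get("COOLR_API_PASSWORD", "sample-password")
    req = build_request("https://api.example.invalid/items", user, secret)
    print(req.full_url, redact(dict(req.header_items())))
```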

FAQ

Q: Why do we not use JWT/OAuth?
A: There are multiple reasons Coolr doesn't use JWT/OAuth:

  1. Backwards compatibility: We have multiple customers who have been integrating since 2016. Most of the integration systems did not support JWT/OAuth. Hence, we have focused on Cookie-based authentication and Basic Authentication.
  2. Token expiry/renewal: Customers may integrate multiple systems such as master data, CRM, etc. We found that token expiry/renewal caused integration challenges for these systems.

Q: How to change the password?
A: The credentials used for API calls can also be used on our portal to log in, change the password, or reset the password. If you still encounter issues, reach out to support@coolrgroup.com.

Q: How are credentials secured?
A: You must keep the credentials confidential. Treat them as being as sensitive as your database usernames and passwords. We recommend rotating the credentials frequently.