Its confusing to have the directions for requesting private data when you cant with v5. Is it going to be an option in the future?


You must provide a Content-Type header with every request. The only content type supported is application/vnd.api+json.

You must provide an Authorization header with every request (except /tokens). Depending on the endpoint you must use either an API key or Bearer token Authorization (but never both).

See the Authorization Use Cases below for more information

NameExampleContent type *
Content-Type: application/vnd.api+json
Authorization (API key) **
Authorization: {{apikey}}
Authorization (token) **
Authorization: Bearer {{token}}
* Required
** Either API key or token Authorization header is required on all endpoints except /tokens.AuthorizationAPI key (access public data)

The most common authorization is to use a public API key. If you are building a public website you most likely will be using the API key authorization. This should be used to search public adoptable pet data and organizations.

Token-based authorization (access private data)

If you are making a request on behalf of a user with a RescueGroups.org login you should use the token authorization mechanism. You would use the user-provided credentials to generate a token.

When you make a valid request using a token, the response will include an updated Authorization header. You must update your local cache with the new token. See the tokens endpoint for more information.

Use cases

Here are some examples of when you would use API key or token-based authorization:

Use caseAuthorizationRequests for public adoptable pet and organization information
API key
Rescue/shelter building a public website for showing adoptable pets
API key
Add or update an organization's private data
Token (created using staff credentials)

    CommentAdd your comment...

    1 answer



      Yes, we plan for the v5 API to include the private endpoints.


        CommentAdd your comment...