Skip to content


How can we help you?

← Go back

Authentication of API users

Our APIs use RFC2617 standard digest for authentication.

In order to use our APIs (to perform create, retrieve, update, and delete actions) a special API user (that we call a robot user) needs to be created within your Mediagenix On-Demand or Sequence account. There can be as many robot users as required, so that different parties that need to access the account via the API can all have different logins and passwords.

Authentication will take place with the robot user’s login and password. If you have cURL installed, you can try your new robot user credentials on a terminal.

Here is how you would do this for the Mediagenix On-Demand API:

$ curl --digest -u robot_user:password

Note that is the URL of the Mediagenix On-Demand production environment. The URL of the staging environment is and the URL of the preproduction environment is

You should be prompted for a password. Enter it, and if you authenticated correctly, the response should be a valid XML.

Note: A robot user cannot login to the Mediagenix On-Demand applications using a web browser, and a normal user cannot fully utilise the API; see the API browser section below for more details.

Nonce re-using

Digest authentication requires a negotiation with the server to obtain a valid nonce token.

This negotiation makes the communications slower because clientes need to duplicate the requests. In order to leverage the communication and improve the performance our applications support nonce token re-using for a period of 5 minutes. In this way, a valid nonce obtained from the server can be used during 5 minutes without having to negotiate a new one.

This duration of 5 minutes is a value that we are not planning to change, but in order to make your integration more resilient you could probably implement a fall-back mechanism when using a cached nonce to automatically get a new one when it has expired.

API browser

A regular Mediagenix On-Demand application username can be used to access the API with a web browser, but the user can only perform retrieve actions (i.e. it’s read-only access).

To do this, simply log into the Mediagenix On-Demand or Sequence applications as usual (via our ID application) and then change the URL shown in the location of the web browser by adding /api to the path after the hostname.

For example, in Mediagenix On-Demand, changing to will show you the root of the Mediagenix On-Demand API in your web browser and you can follow the links to explore the API.


TLS connections are required in order to access Mediagenix On-Demand API. Communicating over TLS preserves user privacy by protecting information between the user and the Mediagenix On-Demand API as it travels across the public Internet.

Mediagenix On-Demand’s TLS certificate for * is signed by Sectigo Limited, using the Sectigo RSA Domain Validation Secure Server CA.

Your application or client should ensure that the certificate chain returned for Mediagenix On-Demand servers is signed by our approved vendor and not other CA roots.

Please consider that this TLS certificate might be periodically rotated based on our renewal policy. This has no impact for applications or clients that trust our approved CA root, so no action is required from your side in this case.

You can get full information about our certificates chain by executing this command using openssl:

$ openssl s_client -showcerts -servername -connect