Authorization

Authorization guidance for Analytics API operations, including tenant-level key and secret requirements for backend data and insights access.

Overview

The Analytics API is the simplest group from an authorization perspective. It is primarily backend-oriented and largely relies on tenant-level credentials rather than end-user bearer tokens.

These routes should be treated as service-side data access endpoints.

Primary authentication models

Most operations in this group use:

  • tenant API key
  • tenant API secret
  • header-based key/secret variants on selected routes

This group is not primarily designed for user-session bearer-token flows.

Required credentials

Depending on the endpoint, expect:

  • apikey
  • apisecret
  • X-LoginRadius-ApiKey
  • X-LoginRadius-ApiSecret

Security schemes used in this group

The current public spec uses these schemes in the Analytics API group:

  • APIKey
  • APISecret
  • XLoginRadiusAPIKey
  • XLoginRadiusAPISecret

Practical interpretation

  • query-based tenant credentials are common
  • some endpoints use the header-based X-LoginRadius-* variants
  • user bearer tokens are not the primary model in this group

Headers and query parameters

Common auth inputs include:

  • query apikey
  • query apisecret
  • header X-LoginRadius-ApiKey
  • header X-LoginRadius-ApiSecret

Use header-based variants where the endpoint expects them, especially in service-side integrations that avoid exposing secrets in URLs.

Token usage guidance

Prefer backend execution

Run Analytics API requests from backend systems, reporting services, or internal tools.

Avoid client-side exposure

Do not expose tenant secrets in browser code or public applications.

Examples and common patterns

Typical patterns include:

  • nightly or on-demand identity reporting jobs
  • analytics systems pulling insight-oriented user data
  • backend segmentation logic based on identity or custom object records
  • internal dashboards retrieving aggregate or query-driven user information

Common auth errors and pitfalls

  • attempting to use end-user bearer-token assumptions from other groups
  • exposing tenant secrets in frontend code
  • mixing query and header credential styles incorrectly
  • treating analytics access like a public consumer API

These endpoints should be treated as backend-only by default.
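
The header-based guidance and the credential pitfalls above, as an added example (not LoginRadius code): a Python pre-flight check for a backend job that classifies how an outgoing request carries tenant credentials, masks `apikey`/`apisecret` before a URL is logged, and attaches the header variants from the environment. The host `api.example.invalid`, the environment variable names `LR_API_KEY`/`LR_API_SECRET` and the function names are assumptions.

```python
import os
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

QUERY_NAMES = {"apikey", "apisecret"}  # query inputs named on this page
HEADER_NAMES = {"x-loginradius-apikey", "x-loginradius-apisecret"}

def credential_style(url, headers):
    """Classify how a request carries tenant credentials."""
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    in_query = {k.lower() for k, _ in query} & QUERY_NAMES
    in_header = {k.lower() for k in headers} & HEADER_NAMES
    if in_query and in_header:
        return "mixed"  # the "mixing styles" pitfall
    if in_query:
        return "query" if in_query == QUERY_NAMES else "incomplete"
    if in_header:
        return "header" if in_header == HEADER_NAMES else "incomplete"
    return "none"

def redact_url(url):
    """Return the URL with apikey/apisecret values masked, safe to log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in QUERY_NAMES else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def build_header_request(url, env=os.environ):
    """Attach header credentials; refuse URLs that already carry them."""
    if credential_style(url, {}) != "none":
        raise ValueError("credentials already in URL: " + redact_url(url))
    headers = {
        "X-LoginRadius-ApiKey": env["LR_API_KEY"],        # assumed variable name
        "X-LoginRadius-ApiSecret": env["LR_API_SECRET"],  # assumed variable name
    }
    return url, headers

if __name__ == "__main__":
    # Constructed sample values; api.example.invalid is a placeholder host.
    env = {"LR_API_KEY": "constructed-key", "LR_API_SECRET": "constructed-secret"}
    legacy = ("https://api.example.invalid/report"
              "?apikey=constructed-key&apisecret=constructed-secret&from=2024-01-01")
    print(credential_style(legacy, {}), redact_url(legacy))
    url, headers = build_header_request(
        "https://api.example.invalid/report?from=2024-01-01", env)
    print(credential_style(url, headers), sorted(headers))
```

Calling `redact_url` on every URL before it reaches application or proxy logs keeps query-style credentials out of log storage on routes that still require them.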
