How to use HTTP Headers to authenticate yourself to the Europeana APIs

Owned by Jolan Wuyts
Last updated: Sept 04, 2023 by Adina Ciocoiu
3 min read

While using Europeana's API suite, you'll be asked to provide an API key to authenticate yourself to the service. You can do so by using the wskey parameter in your API URL. This is an easy way to authenticate, but it has a few downsides. If you share your API URL with anyone else, they will be able to see your API key and use it for themselves. This isn't very secure, so another, safer way to send your API key to our services for authentication is by using HTTP Headers. If you're using an application like Postman to work on your API calls, you can easily configure your HTTP headers within the application. But if you're just using your browser to send API calls, it's not immediately possible to create an HTTP header. Luckily there are some plugins available for most of the main web browsers people use that allow you to set and use HTTP headers whenever you're making an API call.

You can get your API key here: https://pro.europeana.eu/pages/get-api

Creating HTTP headers on Chrome, Edge or Firefox

If you are using either Chrome, Edge, or Firefox, you can use a plugin called 'Modheader' that will allow you to send HTTP headers through your browser API requests. To install modheaders, go to this website and install the plugin by clicking on the 'Install Modheader' button. This will take you to the plugin store of your respective browser, where you'll be able to install the plugin. Your browser might need to be restarted for the plugin to take effect. 

 

Once you have installed Modheader, follow the instructions the plugin provides to create an HTTP header. You can find Modheader instructions to create a request header here.

 

Get access to your plugin by clicking on the 'Modheader' icon in your plugins bar. To create a request header that will work with Europeana's APIs, you need to fill in the following information: 

 

Under 'Name', add X-API-Key

Under 'value', add your API key

 

Make sure the header is enabled, and then try to make an API request. 

Please be aware that by default Modheader will be activated on all of the URLs you try to visit using your browser, so make sure to disable Modheader when you're not using it to make API calls. 

This is what your Modheader plugin interface should look like once you’ve created your HTTP header

Creating HTTP headers on Safari

Safari has a plugin called 'Requestly' where, similar to Modheader, you can create and use HTTP headers for your API calls. Go to this website and click 'download for Safari' to install the plugin. You might need to restart your browser to have the plugin take effect. To access the plugin, click on the Requestly icon in your plugins bar. Then select the 'Modify Headers' option. 

The start screen of Requestly, once you’ve clicked on it from your plugins bar

Enter a rule name. Maybe call it 'Europeana API auth' or something similar.

Add a source condition. This will activate requestly when you enter a URL that has a certain string in it. For Europeana's APIs, you can use api.europeana.eu. Then add a new rule with the Type 'Request Header. Fill in the following information:

Name: X-Api-Key
Value: your API key 

Once that's done, create your rule and you're good to go! 

Please be aware that some of our APIs use different base URLs, so they might not be included in your source condition. For the IIIF API, for instance, the base URL is 'http://iiif.europeana.eu '. You can add an extra condition to your existing rule, or add a new rule for that API URL. This last option is especially useful if you have multiple API keys that you use for different Europeana APIs.