Authentication By Cookie
For most clients, authentication is performed by session cookie. Logging in to the platform sets a client's
c3d_session_v5 cookie to their new session ID. The value of this cookie is used to authenticate subsequent requests.
Authentication By Domain API Key
For clients authenticating with a Domain API Key, use the
For clients authenticating with a session cookie, a csrf token must be sent with any request that is not a
|Header Name||Header Value|
|Cookie Name||Cookie Value|
Most requests accept only JSON or do not expect a request body at all. The expected JSON request formats are documented where possible. Endpoints that upload raw files instead expect raw binary data and a content type that accurately reflects the file being uploaded. Similarly, endpoints that serve raw files will serve them with the content type they were uploaded with. All other routes return JSON or do not return with a response body.
Endpoint access is generally based on access to a given project, organization, or domain. Typical users that are not superadmins have roles on a per domain, per organization, per project basis. Most endpoints that require authorization require a capability in the same way: they require a capability on a domain, organization, or project.
All organizations belong to a single parent domain, and access to that domain provides access to that domain's organizations.
All projects belong to a single parent organization, and access to that organization provides access to that organization's projects.
Users cannot have capabilities on a scene or a scene version level, but both scenes and scene versions also exist in the same hierarchy. Any endpoint that operates on a scene or scene version expects the user to have access to that scene's parent project.
|Entity||Has User Roles|
Additional API Documentation
For more comprehensive access to our API documentation and routes, please contact us.