Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

...<domain-id> (read only, and high availability e.g. for user authentications, password resets, etc)


This object is used to encode information about a failed authentication attempt.

Object field



A code indicating the reason for the authentication failure. This may be one of

  • ‘badCredentials’ – The supplied credentials were invalid. This means the username or password were invalid (for basic authentication) or the API key was invalid (for API key authentication).
  • ‘accountExpired’ – The account to which the credentials apply has expired.
  • ‘invalidIP’ – The supplied credentials cannot be used from the IP address that the client is connecting from. This applies to administration and access accounts only.


A human-readable message describing the failure. This may be used on a UI to provide a reason for the failure to the user.

API Key Authentication

API keys are temporary or long-lived authentication tokens that are associated with an OpenAthens account. They have exactly the same permissions as the account to which they are associated. They avoid the need for the account password to be sent on every API request.


application/vnd.eduserv.iam.apiKey-v1+json object

Object field



The API key.


The type of key. This may be one of:

  • temporary
  • assigned


The expiry date/time for the key.

Using a temporary API key


Any request that is not authorised will fail with an HTTP 403 status code. 

See also:

Children Display
pageOpenAthens REST API documentation