API Tokens and Authentication

Requests to the SigOpt API must be made over HTTPS. API tokens are passed to SigOpt via HTTP Basic Auth, with the token as the username and no password.

Here’s a sample request to fetch information about your client.

from sigopt import Connection

conn = Connection(client_token="USER_TOKEN")
client = conn.clients(CLIENT_ID).fetch()

CLIENT=`curl -s -X GET https://api.sigopt.com/v1/clients/CLIENT_ID -u "$SIGOPT_API_TOKEN":`

import com.sigopt.SigOpt;
import com.sigopt.exception.SigoptException;
import com.sigopt.model.*;

import java.util.Arrays;

public class YourSigoptExperiment {
  public static Experiment createExperiment() throws SigoptException {
    Client client = Client.fetch(CLIENT_ID).call();
    return experiment;
  }

If your API token becomes public, you can visit the tokens page to invalidate the old token. You can also contact us so we can rotate the token for you.

Token Types

We provide each account with an API token and a development token. Authentication and API calls work the same with both types, so the only code that needs changing is the token.

You should use your API token for production usage. This will let you communicate with SigOpt’s optimization backend to get optimized suggestions for your problem.

Experiments created with the development token will not be subject to your monthly limit, so feel free to play around as much as you’d like. However, experiments created with the development token will not receive intelligent suggestions, so you’ll need to switch back to your API token before you deploy to production. You can interact with these experiments just like normal experiments on the web, but once they’re deleted they are gone forever.

Users on Multiple Teams

Enterprise users on multiple teams (a client is the same thing as a team) have an API and development token for each team they are on. Users should use the token corresponding to whichever team the API object is or should be associated with.