Note: An OAuth server is currently in development and will replace the following authentication methods as the primary supported authentication mechanism. The expected release date is the end of February 2013.

Table of Contents


Authentication is the process by which you provide credentials to the server and the server verifies you are whom you claim. At Quicktate, we believe in strong and practical authentication methods. It is of the utmost importance that your transcriptions are secure and not able to be accessed by unprivileged users. That said, as our infrastructure evolves, we are improving the ways by which we perform authentication.

Our XML-RPC and RESTful web services support different means of authentication. This is inherent to the distinct differences of how RESTful and XML-RPC services behave, but also due to legacy concerns. To understand the differences between the two, please read the Authenticating for REST and Authenticating for XML-RPC sections.

Authenticating for REST

Authenticating using the RESTful API is as simple as providing your username and password using HTTP Basic authentication. This is submitted on every request, as our RESTful API is stateless. Security is ensured through the mandatory use of SSL when connecting to the RESTful API.

The HTTP Basic Authentication specification states that a user must send his username and password as a Base-64 encoded pair with colons inbetween. Therefore, for a user with username and password password, the string to be Base-64 encoded would be This would be sent in the Authorization header in each request. If the username or password never change, then neither should the Base-64 encoded representation of them. An example request for the same username and password looks like the following:

            GET /api/transcriptionrequest HTTP/1.1

            Authorization: Basic dXNlckBxdWlja3RhdGUuY29tOnBhc3N3b3Jk
            Accept: application/json
            Connection: keep-alive
            Content-Type: application/json

Authenticating for XML-RPC

Our XML-RPC API uses a simple username and API key for authenticating every request. These are submitted as parameters in every request. For example, where your payload would normally be the following (pseudo-code):

you would include your username (user) and API key (key) as other parameters in this payload:

In the event that you provide an invalid username or API key, you will receive an XML-RPC status code of 810 with an error message of Login information incorrect.

To find your API key, you'll need to login to the Membership Portal. From there, click the Your Profile link to see your profile information. You'll find your API key in the section marked Your API Key. See the following screen shot as a reference.
Your API Key

Although this mechanism has been in-place for several years, due to the deprecation of this API, we will not enhance that security mechanism. If you would prefer a more standards-approved means of authenticating, please use our RESTful API, which supports HTTP Basic authentication, and soon, OAuth.