Back in 2013 we introduced a requirement that API keys had to be sent as the first attribute of the JSON payload, this was meant to allow some optimization when processing the request. This introduced a problem with JSON libraries that don’t allow custom property ordering. The JSON RFC also makes it clear that these keys are unordered.
Starting in RPM 10 we now check for the key in the header section of the HTTP request
Old:
POST http://localhost/rpm/Api2.svc/ProcFields HTTP/1.1
{
"Key": ffffffff-ffff-ffff-ffff-ffffffffffff,
"ProcessID": 502
}
New:
POST http://localhost/rpm/Api2.svc/ProcFields HTTP/1.1
RpmApiKey: ffffffff-ffff-ffff-ffff-ffffffffffff
{
"ProcessID": 502
}
For backwards compatibility we still allow the key to be passed as the first property in the JSON body. If a key is found in the header then any key in the body is ignored. Still, passing keys in the body should be considered temporary and we expect all API users to switch to the header key method. Eventually a future version of the API will no longer accept keys in the body.
RPM Developers Website - API Documentation and News 