Every API call requires an accessKey and secretKey to be passed in the API URL for authentication. Any action performed using APIs uses the credentials of the user whose keys are passed.
These keys are unique for every user and carry many privileges, so be sure to keep them secret! Don’t share your secret API keys in publicly accessible areas or in any client-side code.
All API requests must be made over HTTPS. Calls made using plain HTTP will fail.
The accessKey and secretKey can be obtained from the My Account>Settings>API and Webhooks section –
- Ideally, you should use the accessKey and secretKey of an Admin user so you don’t face any restrictions associated with other user roles like Marketing Users or Sales User.
- Make sure that you use the API keys of an active user. If a user leaves your organization and you deactivate the user, the API keys are also deactivated and API calls with those keys will fail.
- If your keys are incorrect, then you’ll receive a “401 Unauthorized” response.
To help you quickly test the APIs and integrate we’ve written some sample code.