Authorization

Our REST API uses key based authorization in the form of a 64 character string. Information related to your unique key can be accessed and managed in your Account page.

Because each API key is tied to an individual user, please store it in a safe place and do not share it with others.

All client requests are authorized using valid API keys that are sent through HTTP headers or query strings. Query strings take priority over HTTP headers, so if both are used as part of a request the query string will take precedence.

Sending API keys using query strings

In order to authorize a request using “api_key” query strings, it will need to be sent in the following format:

<HTTP-METHOD> <domain>/api/<version>/<path>?api_key=<api_key>

Sending API keys using HTTP headers

In order to authorize a request using a HTTP header named “X-RMAuth”, it will need to be sent in the following format:

<HTTP-METHOD> <domain>/api/<version>/<path>
X-RMAuth: <api_key>

Unauthorized requests

If invalid API keys are sent as part of a request you will receive an HTTP 403 Forbidden status response and the following payload:

{
    "status": {
        "code": null,
        "messages": ["API key is not valid"]
    },
    "data": null
}