Authenticating API Requests

All API requests must include a valid (not expired) access token (a random alphanumeric string that uniquely identifies API clients). API requests that do not include a token or that supply an invalid or expired token will result in a 401 Unauthorized response.

Tokens can be generated in the Configuration module of the SmashFly Console for the client zone and are valid for one year. Administrator users can access the API keys page from the SmashFly Console Configuration module under Developers' Corner > API Keys.

Once you have a token, you must send it in each API request, using the HTTP “Authorization” request header. The request must begin with the word “Bearer,” followed by a space, followed by the access token; for example:

Bearer c68240dca6fec083c3a2f0beb24d85b1

When using the API, you can enter the token in the Token field at https://api.smashfly.com/ContactAPI/help.