Authenticating API Requests

All API requests must include a valid (not expired) access token (a random alphanumeric string that uniquely identifies API clients). (API requests that do not include a token or that supply an invalid or expired token will result in a 401 Unauthorized response.)

Tokens are generated in the Configuration module of the SmashFly Console for the client zone. Administrator users can access the API keys page at Configuration > Developer’s Corner > API Keys. Once you have a token, you must send it in each API request, using the HTTP “Authorization” request header. The request must begin with the word “Bearer,” followed by a space, followed by the access token; for example:

Bearer c68240dca6fec083c3a2f0beb24d85b1

When using the API, you can enter the token in the Token field at