Authenticating API Requests
All API requests must include a valid (not expired) access token (a random alphanumeric string that uniquely identifies API clients). (API requests that do not include a token or that supply an invalid or expired token will result in a 401 Unauthorized response.)
Tokens are generated in the Configuration module of the SmashFly Console for the client zone. Administrator users can access the API keys page at Configuration > Developer’s Corner > API Keys. Once you have a token, you must send it in each API request, using the HTTP “Authorization” request header. The request must begin with the word “Bearer,” followed by a space, followed by the access token; for example:
When using the API, you can enter the token in the Token field at https://api.smashfly.com/ListAPI/help.