Upodi use a token API key to allow access to the API. You will need to create this API key in Upodi. To retrieve an API key, follow these steps:
- Sign in with an administrative account.
- Go to Setup > Developer > API Keys.
- Generate a new API token. API keys are generated under two scopes - READ or WRITE or both.
- Keep the API token safe and use it only on non-customer facing code (not in Javascript or HTML).
Be careful
As you setup an API key, be sure to select either read or write access permissions. Setting Upodi.js privileges will not enable the REST API to work. See the upodi.js section below.
Once created, add the key token encoded with Base64 as an authorization header, of the HTTP request to the API. The scheme is bearer.
Authorization: bearer {base64 encoding of the API key}
All API requests must be made over HTTPS (TLS/SSL). Calls made over plain HTTP will be rejected by our security protocol and fail. Most requests require authentication.
Information
The API header must be a base64 encoding of your API token, iso-8859-1 encoding. Keep your keys secure and do not expose them. Use www.base64encode.org to test.
Our API and webhooks are currently secured using TLS 1.0. We have a [planned transition to TLS 1.2].(http://trust.upodi.com/)