This API is an SSL-only API. You must be a Connections Online user to make API requests. You can authorize against the API using basic authentication with any of the following credential pairs: username and password, username and site token, username and user token, username and session token, or administrator name \ user name and administrator password.
| Credentials | {user}/{token} Format | Example |
|---|---|---|
| Username & Password | {user_name}:{password} |
bob@example.com:MyPasswordIsAwesome! |
| Username & Site Token | {user_name}:{site_token} |
bob@example.com:{SiteToken}877f78fb-0671-407f-9903-147ca49a1ce4 |
| Username & User Token | {user_name}:{user_token} |
bob@example.com:{UserToken}dc436ab2-3ba5-4f43-8c96-3672a770d539 |
| Username & Session Token | {user_name}:{session_token} |
bob@example.com:{SessionToken}e0516d03-957d-4e51-b7b2-550d2a5193e0 |
| Administrator Impersonating User | {admin_name}\{user_name}:{admin_password} |
admin@example.com\bob@example.com:MyAdmin!PasswordIsBetter |
This option is best for end users who do not use the API very often or who just use the API to retrieve information in a web browser.
This option can be used by 3rd-party applications that are authorized to connect on behalf of an entire site. Site administrators can see the list of their current site tokens from the Site Admin / Authorized Apps & Websites page in Connections Online and delete tokens from there. SiteTokens should never be used in client-side code, since users could then use the SiteToken to log in as any other user on the site.
This option can be used by 3rd-party applications that are authorized to connect on behalf of the user. Users can see the list of their current user tokens from the User Settings page in Connections Online and delete tokens from there.
SiteTokens should never be used in client-side code, since users could then use the SiteToken to log in as any other user on the site. For 3rd-party applications that are authorized to connect on behalf of a site but want to make connections from client-side JavaScript, a SessionToken can be created. This is done by calling the Login method on the server side with the username and the SiteToken. A SessionToken is returned in the token field. Append the string {SessionToken} to the beginning of that token, then use the resulting string as the password in the client-side script.
Site administrators can use this option to sign in as any user from their site. This is useful to verify security settings for a user or to troubleshoot an issue the user is having.
