The CustomerSuccessBox APIs uses API keys to authenticate requests.

API key and Secret key can be accessed from "API Key" tab under Developer Console section in Settings. This access is limited to "Administrator" profile.

API Key - supports POST request

Secret Key - supports GET, POST, and DELETE requests

Secret Key must NEVER be shared over any unsecured channel, and MUST be secured wherever maintained. Do not expose your Secret key in publicly accessible areas such as GitHub, client-side code, and so forth.

HTTP Bearer Auth must be used to authenticate a request. Secret key should be provided as the token in Authorization Header. You do not need to provide a password.

To authenticate via bearer auth (e.g., for a cross-origin request), use -H "Authorization: Bearer {secret_key}"

All requests must be made over HTTPS protocol and must contain Authorization header with a valid API key. If these conditions do not meet, request will fail.