Authentication

The CustomerSuccessBox APIs uses API keys to authenticate requests.

API key and Secret key can be accessed from "API Key" tab under Developer Console section in Settings. This access is limited to "Administrator" profile.

API Key - supports POST request

Secret Key - supports GET, POST, and DELETE requests

Secret Key must NEVER be shared over any unsecured channel, and MUST be secured wherever maintained. Do not expose your Secret key in publicly accessible areas such as GitHub, client-side code, and so forth.

‚Äč HTTP Basic Auth must be used to authenticate a request. Secret key should be provided as the basic auth username value. You do not need to provide a password.

If you need to authenticate via bearer auth (e.g., for a cross-origin request), use -H "Authorization: Bearer {secret_key}"

All requests must be made over HTTPS protocol and must contain Authorization header with a valid API key. If these conditions do not meet, request will fail.