API Authorization - Bloomreach Experience - The Headless Digital Experience Platform Built for Commerce

API Authorization



Obtain and use an authorization token for read and/or write access to management APIs.


APIs exposing development and/or management functionality require authorization using a token. These tokens are linked with a developer's user identity, and can be configured to allow access to all or a subset of functionality available to the developer.

The tokens themselves are intended to be opaque, short-lived, and easy to create and revoke. Bloomreach recommends using a separate token for each use case and interaction, with as short a lifespan as possible, to limit the risk of accidental credential exposure. Using separate tokens for each use case makes it easier to revoke tokens that may have been exposed without disrupting other use cases. Setting a short expiration will revoke tokens and limit risk automatically.

Tokens are created in the API token management application in brX and passed as the x-auth-token header in API requests.

Authorization using the x-auth-token header is currently supported by the following APIs:


  1. Log in to brX using an account with Site Developer privileges.

  2. Navigate to Setup > brXM API token management.

  3. Click on the + API token button in the top right.

  4. Fill in a Token name, choose an Expiration date (up to 1 month in the future), check the Read and/or Write checkboxes, and click on Create. We recommend setting the expiration date as early as possible, to automatically limit the risk of accidental credential exposure.

  5. Copy the token to the clipboard or write it down. This is the only time it will be displayed. We recommend simply creating new tokens as needed, rather than attempting to store the token value in a password manager or other long-term storage.

  6. Include the token in the x-auth-token header in your API requests:

    x-auth-token: VMpSrbVpCEpNpsPLCntXqFnTBTQmQdnLEYljaRnAkhqbzclevMBrTexENKVmtQYc
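
Added example, not Bloomreach code: one way to send the x-auth-token header from Python's standard library while keeping the token out of source code, logs, cleartext transport, and cross-origin redirects. The environment variable name `BRX_API_TOKEN`, the helper names, and any URL passed in are assumptions for illustration.

```python
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

TOKEN_ENV = "BRX_API_TOKEN"  # assumed variable name, not defined by Bloomreach


def _origin(url):
    """Return (scheme, host, port) so two URLs can be compared by origin."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or {"https": 443, "http": 80}.get(p.scheme))


def build_request(url, method="GET", env=os.environ):
    """Build a request carrying the token, refusing cleartext transport."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send x-auth-token over a non-HTTPS URL")
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV} is not set")
    return urllib.request.Request(url, method=method, headers={"x-auth-token": token})


class SameOriginRedirects(urllib.request.HTTPRedirectHandler):
    """urllib copies custom headers onto redirected requests; block any
    redirect that would carry x-auth-token to a different origin."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if _origin(newurl) != _origin(req.full_url):
            raise urllib.error.URLError("cross-origin redirect blocked")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def redacted_headers(req):
    """Header dict that is safe to log: the token value is masked."""
    return {k: ("<redacted>" if k.lower() == "x-auth-token" else v)
            for k, v in req.header_items()}


def call_api(url, method="GET"):
    """Send the request through an opener that enforces same-origin redirects."""
    opener = urllib.request.build_opener(SameOriginRedirects())
    with opener.open(build_request(url, method), timeout=10) as resp:
        return resp.status, resp.read()
```

Log `redacted_headers(req)` rather than the request's real headers when debugging failed calls.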