To start using the API, you need to create and configure relevant API accesses and permissions first.
Set up API groups
API accesses are handled through API Groups. API Groups are collections of API access keys that allow you to have a different set of permissions for each separate group. Read more about API Groups.
To create a new API Group, in your project, navigate to Project settings > Access management > API. Then, click on API Groups > + New group. Choose either the public or private group type and name your group.
Depending on whether you created a group with a public or private API access type, you will now either see an API Token or API key consisting of an API Key ID + API Secret pair. Bloomreach will automatically generate one token or key when a new group is created. Tip: If you create a group using private access, store the secret part of the key securely.
You can create more tokens/keys belonging to this group by clicking on the “Add key” button. You can add a custom name to each API token/key, for example, depending on the use case, or delete the token/key, by clicking on the “delete” button on the right. They can also be deleted programmatically via the Revoke API key .
The private API access has an additional option: rotate the API Secret for each key pair. You can do this through the Bloomreach interface or programmatically using our Rotate API Secret.
After rotation, the API Secret remains valid for the next 24 hours. During this grace period, both old and new secrets are accepted for authentication, to track data, and to access the API.
Group permission
Now that you have set up the first API group with the necessary access, you can configure its permissions.
By default, the group has no permissions. To start using the API, you need to allow this group access to the data you want to use.
The permissions are split into several categories. In most cases, you can allow the API to either get or set the relevant data. You can do so by ticking the checkboxes next to the Get/Set options. In some cases, there will only be a “Get” or simply “Allowed” option.
