Authorization header

After configuring the prerequisites, you need some technical information before you can make an API call, such as how to build the authorization header, which this section covers. The next section, “Making your first API call”, walks through everything from this and the previous section step by step using a concrete example.


Each API call requires an authorization header. This section covers the technical background for creating the appropriate HTTP header for the Engagement API.

In Bloomreach Engagement, you can use two types of access: public or private. The two types require different forms of authentication, so the authorization header is configured differently for each.

Public API Access

The Public API Access uses Token authentication. You will need to use the API Token that you have generated in an API group with a public access type. An authorization header with the API token will look like this:

Authorization: Token 0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqr

URL param as an alternative to a header

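In some obscure cases it may not be possible to set a header. For these cases, Public API Access also accepts the token as the URL parameter access_token. Prefer the header whenever it can be set, because URLs, including their query parameters, are commonly recorded in server and proxy logs.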

Private API Access

The Private API Access uses Basic authentication. In HTTP Basic authentication, a request contains a header field in the form Authorization: Basic <credentials>, where credentials is the Base64 encoding of the API Key ID and API Secret joined by a single colon (:).

To create credentials, follow these steps:

  1. Combine the Key ID and Secret with a single colon, in the form <API Key ID>:<API Secret>.

  2. Encode the combined string as Base64 to generate the authentication credentials.

Encoded credentials example (Base64 is a reversible encoding, not a hash, so treat the result as you would the Secret itself): MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3BxcjphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODlhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAx

Once you have created the credentials, you can use them within the authorization header in the following way:

Authorization: Basic MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3BxcjphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODlhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAx
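
The two header forms described above, as an added Python example (not Bloomreach's own code). The function names are hypothetical, and the only sample value is the placeholder printed on this page; decoding it back shows that the Basic credentials expose the Secret to anyone who can read the header.

```python
import base64
import binascii

# Placeholder value printed on this page (documentation sample, not a live credential).
PAGE_BASIC_VALUE = (
    "MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3Bx"
    "cjphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODlhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAx"
)

def token_header(api_token):
    """Public API Access: Token authentication."""
    if not api_token:
        raise ValueError("API token is empty")
    return {"Authorization": f"Token {api_token}"}

def basic_header(key_id, secret):
    """Private API Access: Base64 of '<API Key ID>:<API Secret>'."""
    if not key_id or not secret:
        raise ValueError("Key ID and Secret are both required")
    if ":" in key_id:
        # The first colon is the separator, so a colon in the Key ID is ambiguous.
        raise ValueError("Key ID must not contain ':'")
    raw = f"{key_id}:{secret}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}

def decode_basic(header_value):
    """Reverse a Basic header value to (key_id, secret): it is encoding, not hashing."""
    scheme, _, b64 = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization value")
    try:
        raw = base64.b64decode(b64, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("credentials are not valid Base64 text") from exc
    key_id, sep, secret = raw.partition(":")
    if not sep:
        raise ValueError("decoded credentials contain no ':' separator")
    return key_id, secret

def redact(header_value, keep=4):
    """Form safe for logs: scheme plus a short prefix (start of the Key ID only)."""
    scheme, _, cred = header_value.partition(" ")
    return f"{scheme} {cred[:keep]}...[redacted]"

if __name__ == "__main__":
    key_id, secret = decode_basic("Basic " + PAGE_BASIC_VALUE)
    print("Key ID:", key_id)
    print("Log form:", redact(basic_header(key_id, secret)["Authorization"]))
```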