This page explains how to construct the authorization header for your API calls. It covers both public and private access types. For a step-by-step walkthrough using a concrete example, see the Making your first call guide.
Overview
Each API call requires an authorization header. This section covers the technical background of creating a relevant HTTP header for the Engagement APIs.
In Bloomreach, you can use 2 types of accesses: public or private. Each access type uses a different authentication method, so the authorization header is configured differently for each.
Public API access
Public API access uses Token authentication. You'll need the API Token generated in an API group with public access. Structure your authorization header as follows:
Authorization: Token 0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqr
URL parameter alternative
In cases where setting a header isn't possible, public API access offers an alternative: use the access_token URL parameter instead.
Private API access
Private API access uses Basic authentication. A request contains a header field in the form of Authorization: Basic <credentials>, where credentials is the Base64 encoding of the API Key ID and API Secret joined by a single colon :.
To create your credentials, follow these steps:
- Combine the API Key ID and API Secret with a colon:
0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqr:abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01
- Encode the combined key as Base64 to generate the authentication credentials:
MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3BxcjphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODlhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAx
- Use the credentials in your authorization header:
Authorization: Basic MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3BxcjphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODlhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAx