Authentication

Bridge authenticates your API requests using API keys that can be generated from the dashboard. All authentication is performed via HTTP Basic Auth, using the Api-Key header. You do not need to pass in any additional information or a password. If a key is not included, or an incorrect key is passed, we will return a 401 - Unauthorized HTTP status code. You must also use HTTPS, as we will reject all API requests over plain HTTP.

Your API keys provide full access to our APIs, so make sure to keep them fully secure. They should never be exposed in any public forums, or broadcast internally within your organization.

Example

Here's a simple example of passing in your API key with any Bridge API endpoint:

curl --location --request GET 'https://api.bridge.xyz/v1/customers' \
--header 'Content-Type: application/json' \
--header 'Api-Key: <API Key>'
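
The same request as a client-side wrapper, added here as an illustration (it is not Bridge's own code): it reads the key from the environment instead of source code, refuses to attach it to a non-HTTPS URL, and maps the 401 response to a distinct error without echoing the key. The variable name BRIDGE_API_KEY, the function names and the decision to block redirects are assumptions of this example.

```python
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

BASE_URL = "https://api.bridge.xyz/v1"  # host from the curl example on this page
KEY_ENV_VAR = "BRIDGE_API_KEY"          # assumed name, not defined by Bridge


class AuthError(Exception):
    """The API answered 401: key missing or incorrect."""


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # urllib would copy Api-Key onto a redirected request; treat redirects as errors.
    def redirect_request(self, *args, **kwargs):
        return None


def load_api_key(env=os.environ):
    """Read the key from the environment so it never sits in source control."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    return key


def redact(key):
    """Log-safe form of the key: at most the last four characters visible."""
    return "*" * 8 + (key[-4:] if len(key) > 8 else "")


def build_request(path, api_key, base_url=BASE_URL):
    """Build a GET carrying the Api-Key header; refuse anything but HTTPS."""
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    headers = {"Content-Type": "application/json", "Api-Key": api_key}
    return urllib.request.Request(url, headers=headers, method="GET")


def send(request, timeout=10):
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(request, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise AuthError("401 Unauthorized: check the Api-Key value") from None
        raise
```

Typical use is `send(build_request("/customers", load_api_key()))`; log `redact(key)` rather than the key itself when recording which credential was used.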

Revealing API secret keys just once

By default, as a security measure, Bridge will only expose the full API key once, at the time of key generation. There is no mechanism after this initial reveal to access the key, so you should ensure that the key is copied and securely stored for access.

API keys in Sandbox

Because users in sandbox are scoped to their own unique developer account, API keys created in the sandbox won't show up in the dashboard for other users, even if those users share API keys in the production dashboard.