Authentication

Authentication is the process of proving you are who you say you are. Bedful uses bearer tokens to identify channels which wish to connect to the API, by issuing you with a secret Access Key unique to your channel. All access is over https (no http allowed), which means the API requires only an access key to use. All API endpoints are HTTPS, calls using plain HTTP will fail, and API requests without an access key will fail. The API relies on the HTTPS transport for security.

Getting a Bedful Access Key

Apply to the Bedful team at devs at bedful to acquire a secret Access Key for connecting to the bedful API. You will be given a partner login and a channel assigned on bedful, with which you'll be able to use the Access Key on bedful. Your key is a secret and should be treated as a password, as it allows access for your channel to the Bedful API.

Renewing Access Keys

Access Keys can be renewed on request if they have been compromised. You should treat access keys as a secret like an ssh private key or a password and only store them in secure areas or encrypted. Avoid storing them in version control or in files which are shared widely, even if only internally.

Using Access Keys

The Bedful API uses HTTPS for transmitted all information, and basic authentication to encode keys, with the secret access key for your integration supplied as the username of the Authorise field - this is represented by the placeholder BEDFUL_KEY in examples, as below. Note the colon after the key, which indicates there is no basic auth password given.

curl -u BEDFUL_KEY: https://devapi.bedful.com