Home
API Reference
Start typing to search…

Authentication

The RumbleUp API supports Basic Authentication (see link below). Use your RumbleUp Account ID as the username and one of your accounts API keys as the password.

Developer Keys can be found in the application, under Integrations / API Keys.

When the user agent wants to send authentication credentials to the server, it may use the Authorization header field.

The Authorization header field is constructed as follows:

  • An API key consists from 2 parts: key and secret separated by a colon : KEY:SECRET.
  • The username and password are combined with a single colon (:). This means that the username itself cannot contain a colon.
  • Your API keys inherit your admin privileges on creation, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
  • Authentication to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username value and the secret as a password.
  • If you need to authenticate via bearer auth (e.g., for a cross-origin request), in curl use -H “Authorization: Bearer KEY:SECRET”
  • All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
  • The resulting string is encoded into an octet sequence. The character set to use for this encoding is by default unspecified, as long as it is compatible with US-ASCII, but the server may suggest the use of UTF-8 by sending the charset parameter.
  • The resulting string is encoded using a variant of Base64 (+/ and with padding).
  • The authorization method and a space character (e.g. "Basic" ) is then prepended to the encoded string. For example, if the browser uses Aladdin as the username and open sesame as the password, then the field's value is the Base64 encoding of Aladdin:open sesame, or QWxhZGRpbjpvcGVuIHNlc2FtZQ==. Then the Authorization header field will appear as:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

In Typescript / JavaScript / Node, this may look like:

const username  : string = "YOUR_USERNAME";
const apikey    : string = "YOUR_API_KEY";
const basicAuth : string = "Basic " + btoa( username + ":" + apikey );

Postman

When using Postman enter the KEY part in the Username field and the SECRET in the Password for Basic authorization. For Bearer type paste the whole KEY:SECRET pair in the Token field.