Authentication happens via 2 unique keys which should be represented as HTTP headers in each API request.
X-Master-Key
Representing the Account key, which is connected to your account. This key is the same for all api users within your account.
X-Key
Representing the key, the key will be linked to one or more roles. Depending on the roles you will be able to execute certain requests or not.
The required roles for each method are list in the API Reference
Both keys can be found in the keys section after logging in. The required HTTP headers can be copy/pasted from the tooltip for each individual Key.
This role is required for all requests which will update contacts or contactfolders. If the role is missing, you will get a Unauthorized exception.
Results (read)
This role is required to retrieve the results of a survey.
Results (write)
Survey (write)
You can check the roles applicable for your credentials with 3/keys/current
Granular permissions
If you want to choose what surveys or contact lists are accessible by an API key, you can work with user accounts.
An API key always belongs to a user, and never has more permissions than this user.
To create an API key with specific permissions, follow these steps:
In the tool, go to Account > Users.
Add a new user with the API user role. Assign the rights and permissions you'd like for the API key.
Make sure this user has an email address that you have access to, and save your changes.
Log into the tool with this new user account.
Go to Account > API > Keys and create the API key.
What happens to API keys when I delete the related user?
If an API user/API administrator is removed from your account, we will move the API key(s) to a different API administrator.
If we can't find an API administrator, the key will be moved to the account administrator. This way we will make sure, your existing integration will still be working.
Important note: Your API administrator(s) should have access to the same surveys as your API users.