This API is an SSL-only API. You must be a Connections Online user to make API requests. You can authorize against the API using basic authentication with any of the following credential pairs: username and password, username and site token, username and user token, username and session token, or administrator name \ user name and administrator password.

Credentials {user}/{token} Format Example
Username & Password {user_name}:{password} bob@example.com:MyPasswordIsAwesome!
Username & Site Token {user_name}:{site_token} bob@example.com:{SiteToken}4e2130fe-48ca-49aa-916e-74d5c65185c5
Username & User Token {user_name}:{user_token} bob@example.com:{UserToken}6575e3a3-6ba9-408c-bf9f-9e2a1721abf3
Username & Session Token {user_name}:{session_token} bob@example.com:{SessionToken}8795f6c9-05c1-49e3-8a49-0c1951e5e745
Administrator Impersonating User {admin_name}\{user_name}:{admin_password} admin@example.com\bob@example.com:MyAdmin!PasswordIsBetter

Username & Password

This option is best for end users who do not use the API very often or who just use the API to retrieve information in a web browser.

Username & Site Token (Server-side Code Only)

This option can be used by 3rd-party applications that are authorized to connect on behalf of an entire site. Site administrators can see the list of their current site tokens from the Site Admin / Authorized Apps & Websites page in Connections Online and delete tokens from there. SiteTokens should never be used in client-side code, since users could then use the SiteToken to log in as any other user on the site.

Username & User Token

This option can be used by 3rd-party applications that are authorized to connect on behalf of the user. Users can see the list of their current user tokens from the User Settings page in Connections Online and delete tokens from there.

Username & Session Token

SiteTokens should never be used in client-side code, since users could then use the SiteToken to log in as any other user on the site. For 3rd-party applications that are authorized to connect on behalf of a site but want to make connections from client-side JavaScript, a SessionToken can be created. This is done by calling the Login method on the server side with the username and the SiteToken. A SessionToken is returned in the token field. Append the string {SessionToken} to the beginning of that token, then use the resulting string as the password in the client-side script.

Administrator Impersonating User

Site administrators can use this option to sign in as any user from their site. This is useful to verify security settings for a user or to troubleshoot an issue the user is having.