Authentication & API keys
This is the URL that should prefix all API requests: https://api.brella.io/api/integration/.
Note: All requests should be made over SSL, and API key authenticated endpoints shouldn't be used in client-side code for security purposes. If you need to display data on a public website, please use our "Public API endpoints" or pre-built widgets. API keys must be treated as passwords, as they offer both read and write access to your Brella organization and event data.
Authentication works by sending your unique API key using the Brella-API-Access-Token header to your request.
Please note: API keys grant access to data in your Brella organization and should be treated as passwords. API keys should only be shared with trusted parties in a secure manner (eg: using a password / credential manager or secure sharing platform)
If you have purchased API access, all organization admins in your Brella organization should see an “API key” section in the organization view of your Admin Panel.
Note: The “API key” option is not available to event admins and sponsor admins.
Click on the green “Create key” button to generate a unique API key. The generated API key is tied to the organization admin who generated it — and is valid for accessing data in every organization they are a part of. If that organization admin is removed from an organization, the API key will not be able to access data within it.
The Brella API works with json data. In addition to the Authentication header (Brella-API-Access-Token: [APIKEY]), every request must contain the following headers:
Content-Type: application/json
Accept: application/vnd.brella.v4+json
This API is organized around REST. All request and response bodies, including errors, are encoded in JSON.
Request bodies have no root element and use snake_case for object keys.
Response bodies comply with the JSON API specification.