Authentication & API keys

base url this is the url that should prefix all api requests https //api brella io/api/integration/ note all requests should be made over ssl, and api key authenticated endpoints shouldn't be used in client side code for security purposes if you need to display data on a public website, please use our "public api endpoints" or pre built widgets api keys must be treated as passwords, as they offer both read and write access to your brella organization and event data authentication authentication works by sending your unique api key using the brella api access token header to your request getting your unique api key please note api keys grant access to data in your brella organization and should be treated as passwords api keys should only be shared with trusted parties in a secure manner (eg using a password / credential manager or secure sharing platform) if you have purchased api access, all organization admins in your brella organization should see an “api key” section in the organization view of your admin panel note the “api key” option is not available to event admins and sponsor admins click on the green “create key” button to generate a unique api key the generated api key is tied to the organization admin who generated it — and is valid for accessing data in every organization they are a part of if that organization admin is removed from an organization, the api key will not be able to access data within it content type & data format the brella api works with json data in addition to the authentication header ( brella api access token \[apikey] ), every request must contain the following headers content type application/json accept application/vnd brella v4+json this api is organized around rest all request and response bodies, including errors, are encoded in json request bodies have no root element and use snake case for object keys response bodies comply with the json api specification