Authentication ​

Authenticate your account when using the API by including your secret API key in the request. Your API keys carry many privileges, so be sure to keep them secret! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via bearer tokens. Pass your API Key as a bearer token in the Authorization header.

Once you receive an ssoToken from Client Sync, you can change out the API key for that ssoToken. This allows clientside UI to perform actions against the API without exposing your API Key and will be scoped to just that client.

Example Request

curl "https://api.q2open.io/v1/bill/list/579b695decfa11012711875d"
    -H "Authorization: Bearer dc220490-e6ee-11e5-8a94-e7385a8d929e"