Authentication


Our API offers multiple authentication methods to suit different use cases. The various methods provide flexibility and robust security, ensuring that your interaction with our API aligns with the best practices in the industry.

1. Anonymous Calls

Some endpoints are accessible without any authentication, allowing public access. This can be useful for open data retrieval and certain read-only operations. Check the specific endpoint documentation to see which ones allow anonymous access.

Examples of anonymous calls:

  • Sellable Product Ids
  • Media Content

2. Basic Authentication

Basic authentication requires a username and password to be passed with the request. The credentials must be base64 encoded in the format username:password and included in the Authorization header:

Authorization: Basic base64(username:password)

The important thing to notice here is that you can pass your username and password for a given supplier. In this case, we will use your credentials to authenticate with the supplier. This is useful when you want to test our API without having to create a new account with us.

There is also another case where this method can be beneficial. If you have credentials for a supplier and we still haven't integrated with them, you can use this method to authenticate with the supplier and retrieve the data you need.

You could ask the supplier for credentials using the following link: PromoStandards Endpoints. Note that this is only possible when you are logged in, by clicking the key button at the far right of each endpoint.

3. API KEY Authentication

API KEY authentication is a simple method that requires including your unique API key in the request header. You can obtain this key from your user dashboard.

x-api-key: YOUR_API_KEY_HERE

You will be able to create API keys for your account and manage them from your user dashboard. This method is safe, but anyone who gets hold of your API key will be able to access your account. We recommend using this method only for testing purposes and for inventory retrieval; it will not be allowed for order submission. To submit orders, you will need to use the OAuth2 method.

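Here is an example in Python:

import requests

url = "https://api.psrestful.com/v1.1.0/suppliers/PCNA/medias/TM97813/?environment=PROD"

# Send the API key in the x-api-key request header.
headers = {
    "x-api-key": "YOUR_API_KEY_HERE"
}

# Set a timeout so a stalled connection cannot hang the caller.
response = requests.get(url, headers=headers, timeout=10)

# Fail loudly on 4xx/5xx (for example a rejected key) before parsing the body.
response.raise_for_status()

print(response.json())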

4. Bearer Token Authentication

Bearer token authentication provides secure access using a token that can be obtained through OAuth2 or other token providers. This method aligns with the best practices in security:

Authorization: Bearer YOUR_TOKEN_HERE

4.1 OAuth2

We strongly recommend using OAuth2 tokens when available, as they adhere to an industry-standard protocol for authorization. OAuth2 provides several grant types, allowing for fine-grained control over access and refreshing tokens. Consult our OAuth2 Integration Guide for detailed information on implementing OAuth2 with our API.

Security Considerations

  • Transport Layer Security: Ensure that you are connecting over HTTPS to maintain the confidentiality and integrity of your data.
  • Token Storage: Be cautious with how you store and handle tokens, particularly in client-side applications. It's essential to follow secure practices for storing sensitive information.
  • Rate Limiting: Be aware of the rate limits that apply to your chosen authentication method. Our documentation on Rate Limits provides more details.
  • Permissions: For now, a user with access has access to all API calls, but we will change that in the near future. We will provide more details on how to manage permissions as changes occur.
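
The three header formats above, the HTTPS requirement and the OAuth2-only rule for order submission, combined into one client-side helper. This is an added example, not code from the original page or from the API provider; the function names and the `submitting_order` flag are assumptions made for illustration.

```python
import base64
from urllib.parse import urlsplit


def build_auth_headers(url, *, basic=None, api_key=None, bearer=None,
                       submitting_order=False):
    """Return the header for exactly one auth method, or {} for anonymous calls."""
    # Every method here sends a reusable secret in a header, so refuse
    # anything but HTTPS before the secret is attached to a request.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    if sum(m is not None for m in (basic, api_key, bearer)) > 1:
        raise ValueError("pass only one authentication method")
    if submitting_order and bearer is None:
        # The page states that order submission requires the OAuth2 method.
        raise ValueError("order submission requires an OAuth2 bearer token")
    if basic is not None:
        username, password = basic
        if ":" in username:
            # The first colon separates user from password (RFC 7617).
            raise ValueError("username must not contain ':'")
        token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
        return {"Authorization": "Basic " + token.decode("ascii")}
    if api_key is not None:
        return {"x-api-key": api_key}
    if bearer is not None:
        return {"Authorization": "Bearer " + bearer}
    return {}


def redact_headers(headers):
    """Copy of headers that is safe to log: secrets are replaced by a marker."""
    out = {}
    for name, value in headers.items():
        if name.lower() == "authorization":
            # Keep the scheme name (Basic/Bearer) for debugging, drop the secret.
            out[name] = value.split(" ", 1)[0] + " [REDACTED]"
        elif name.lower() == "x-api-key":
            out[name] = "[REDACTED]"
        else:
            out[name] = value
    return out


def decode_basic(header_value):
    """Basic is an encoding, not encryption: anyone who sees it can reverse it."""
    raw = base64.b64decode(header_value.split(" ", 1)[1]).decode("utf-8")
    user, _, password = raw.partition(":")
    return user, password
```

Pass the result of `build_auth_headers` to your HTTP client, and log only the output of `redact_headers`.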

Please refer to the specific endpoint documentation to determine which authentication methods are supported and any additional requirements.