**Configuration Change. ** As of version 4.1, API authentication is enabled by default. For instructions to disable it, see Enforcing REST API/UI User Authentication . Version 4.2 and later add View Adaptive Delivery Data grant type.
When API authentication is enabled, all APIs require that you authenticate with every request by providing an
Authorization header with a value equal to a valid API key. The API key must have the appropriate permissions to use the API. Using the UI, administrators can view details about the existing API keys, create new API keys, update existing API keys, and delete API keys no longer need.
admin in the upper-right corner, as shown in “admin Username”, to open the Settings section.
The Settings section provides a tabular view of your existing API keys, as shown in “API Keys Table”. The following information is displayed in the table for each API key:
Key - Label specified when you created the API key
Permissions - Valid grant types for which the API key will have access
API keys can access any resource you give them access to except for the user resources. This restriction is for security reasons. An API key should not be able to modify users. If your key gets loose, this restriction prevents it from being used to gain unfettered access to your system accounts. In “API Keys Table”, example_api_key has access to metrics, webhooks, and transmissions.
To create an API key that meets your specific requirements, you must understand the permissions required by each API. Table 44.1, “Grant Types” gives a mapping of the permissions for a given grant type.
|View Metrics||GET requests on /api/v1/metrics|
|View Adaptive Delivery Data||GET requests on /api/v1/adaptive-delivery|
|View Webhooks||GET requests on /api/v1/webhooks|
|Modify Webhooks||GET, POST, PUT, DELETE requests on /api/v1/webhooks|
|View Templates||GET requests on /api/v1/templates|
|Modify Templates||GET, POST, PUT, DELETE requests on /api/v1/templates|
|Preview Templates||POST requests on /api/v1/templates|
|View Transmissions||GET requests on /api/v1/transmissions|
|Modify Transmissions||GET, POST, PUT, DELETE requests on /api/v1/transmissions|
|Send via SMTP||Allow this API Key to perform SMTP injection (Note that your configuration must support SMTP authorization.)|
|Manage recipient lists||GET, POST, PUT, DELETE requests on /api/v1/recipient-lists|