API Authentication - version 2

Introduction

Version 2 of our API uses key-based access control. Keys are created and managed in the “Manage users” area of your account, in much the same way that normal users are managed: API keys can have the same permission levels as normal users. They can also be restricted either by an expiry date or by IP address.

API keys are very powerful and should be treated with the same protection as you would treat passwords.

Using a key

Once a key is created, it is used by adding it to a HTTP request in an Authorization header. The header can be added either as HTTP Basic Authentication or as an OAuth2 Bearer token.

HTTP Basic Authentication

When using HTTP Basic Authentication, provide your API key as the basic auth username value. A password does not need to be provided.

Bearer Header

The API key can also be used in its raw unencoded form by adding it to the Authorization header with the Bearer parameter. For example: Authorization: Bearer CAJgeo1bepNW2bpQWPDlrnhT8hwOAZCE

Examples

HTTP Basic Authentication

curl https://www.simplelists.com/api/2/contacts/ -u CAJgeo1bepNW2bpQWPDlrnhT8hwOAZCE:

Bearer Header

curl https://www.simplelists.com/api/2/contacts/ -H 'Authorization: Bearer CAJgeo1bepNW2bpQWPDlrnhT8hwOAZCE'