API Sender key
Every request must contain an API Sender key. This key is used to identify the source of the API request.
An API key is given to every company that has been granted API access. If you haven't requested access yet, you can do it here.
After you have been grated access, your API Sender key can be found on https://www.brainville.com/Configuration/Settings
API User Key
To authenticate the HTTP request, an API User key must be sent as part of the request.
To find your API User Key:
1) Login to the Brainville website
2) Go to your account settings
3) Your API User key is displayed at the bottom of the page.
Note that this key is unique for a specific user and company. In Brainville, each user can be connected to one or more companies; if a user is connected to multiple companies it is important to use the API key belonging to the correct company.
Important! To use the API to post assignments, the User connected to the API User Key must have the role “Buyer” in Brainville. You can add this role by going to the “Settings”-page for the user.
Using authentication in API requests
To authenticate with Brainville you use your API Credentials (User key, Sender key) and HTTP Basic auth.
The credentials should be sent as an authorization header for every request. The credentials should be on the form
Basic <credentials>
where <credentials> is the Base64 encoding of the string [API User Key]:[API Sender Key].
If the credentials are missing or wrong Brainville will respond with 401 Unauthorized. You can read more about HTTP Basic auth in this Wikipedia article.
Legacy authentication
It is still possible to authenticate by sending the keys as part of the XML content (for API methods using POST), or as part of the URL (for API methods using GET). Note that this will be removed in future versions of the API; you should use HTTP Basic auth as described above.