GR API Docs

Authentication

API can be accessed by authenticated users only. This means that every request must be signed with your credentials. We offer two methods of authentication: API Key and OAuth 2.0. API key is our primary method and should be used in most cases. GetResponse MAX clients have to send an X-Domain header in addition to the API key. Supported OAuth 2.0 flows are: Authorization Code, Client Credentials, Implicit, and Refresh Token.

API key

Follow these steps to send an authentication request:

  • Find your unique and secret API key in the panel: https://app.getresponse.com/api
  • Add a custom X-Auth-Token header to all your requests. For example, if your API key is jfgs8jh4ksg93ban9Dfgh8, the header will look like this:
X-Auth-Token: api-key jfgs8jh4ksg93ban9Dfgh8

WARNING

For security reasons, unused API keys expire after 90 days. When that happens, you’ll need to generate a new key to use our API.

Example authenticated request

bash
$  curl -H "X-Auth-Token: api-key jfgs8jh4ksg93ban9Dfgh8" https://api.getresponse.com/v3/accounts

OAuth 2.0

To use OAuth 2.0 authentication, you need to get an "Access Token". For more information on how to obtain a token, head to our dedicated page: OAuth 2.0

To authenticate a request using an Access Token, set the value of Authorization header to "Bearer" followed by the Access Token.

Example

If the Access Token is jfg93baDfgh8n9Ds8jh4ksg93ban9Dfgh8

Authorization: Bearer jfg93baDfgh8n9Ds8jh4ksg93ban9Dfgh8

GetResponse MAX

GetResponse MAX customers need to take an extra step to authenticate the request. All requests have to be sent with an X-Domain header that contains the client's domain. For example:

X-Domain: example.com

Please note that the header must contain only the domain name, without the protocol identifier (http:// or https://).

X-Parent-Login header

A user can be in one or more accounts (parent accounts). The X-Parent-Login header allows you to limit API requests to a specific parent account.

For example, a user is assigned to two parent accounts with logins: abc@getresponse.com and xyz@getresponse.com.

If the X-Parent-Login: abc@getresponse.com header is set in API requests, they'll be made only for the parent account with the loginabc@getresponse.com.

If a request is made with the header X-Parent-Login: xyz@getresponse.com, it will return information only for the parent account with the login xyz@getresponse.com.