Authentication
The API can be accessed by authenticated users only. This means that every request must be signed with your credentials. We offer two methods of authentication: API Key and OAuth 2.0. The API key is our primary method and should be used in most cases. GetResponse MAX clients have to send an X-Domain header in addition to the API key. Supported OAuth 2.0 flows are: Authorization Code, Client Credentials, Implicit, and Refresh Token.
API key
Follow these steps to send an authentication request:
- Find your unique and secret API key in the panel: https://app.getresponse.com/api
- Add a custom X-Auth-Token header to all your requests. For example, if your API key is jfgs8jh4ksg93ban9Dfgh8, the header will look like this:
X-Auth-Token: api-key jfgs8jh4ksg93ban9Dfgh8
WARNING
For security reasons, unused API keys expire after 90 days. When that happens, you’ll need to generate a new key to use our API.
Example authenticated request
```bash
$ curl -H "X-Auth-Token: api-key jfgs8jh4ksg93ban9Dfgh8" https://api.getresponse.com/v3/accounts
```
OAuth 2.0
To use OAuth 2.0 authentication, you need to get an "Access Token". For more information on how to obtain a token, head to our dedicated page: OAuth 2.0
To authenticate a request using an Access Token, set the value of the Authorization header to "Bearer" followed by the Access Token.
Example
If the Access Token is jfg93baDfgh8n9Ds8jh4ksg93ban9Dfgh8, the header will look like this:
Authorization: Bearer jfg93baDfgh8n9Ds8jh4ksg93ban9Dfgh8
GetResponse MAX
GetResponse MAX customers need to take an extra step to authenticate the request. All requests have to be sent with an X-Domain header that contains the client's domain. For example:
X-Domain: example.com
Please note that the header must contain only the domain name, without the protocol identifier (http:// or https://).
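The three header rules above (API key, OAuth 2.0 bearer token, and X-Domain for GetResponse MAX) combined in one shell helper that feeds curl through `--config -`, so the secret stays out of the process list. This is an added example, not GetResponse's own code; the variable names GR_API_KEY, GR_ACCESS_TOKEN and GR_MAX_DOMAIN, the function names, and the allowed character set for credentials are assumptions.

```bash
#!/bin/sh
# Added example. Assumed environment variables:
#   GR_API_KEY       API key (primary method), or
#   GR_ACCESS_TOKEN  OAuth 2.0 Access Token
#   GR_MAX_DOMAIN    client domain, GetResponse MAX accounts only

# Print the bare domain for X-Domain: drop http:// or https://,
# then reject anything that is not a plain host name (paths, spaces, CR/LF).
gr_domain() {
    d=${1#http://}
    d=${d#https://}
    case $d in
        ''|*[!A-Za-z0-9.-]*) echo "invalid X-Domain value" >&2; return 1 ;;
    esac
    printf '%s\n' "$d"
}

# Print curl config lines carrying the authentication headers.
gr_auth_config() {
    if [ -n "${GR_API_KEY:-}" ]; then
        name="X-Auth-Token: api-key"; secret=$GR_API_KEY
    elif [ -n "${GR_ACCESS_TOKEN:-}" ]; then
        name="Authorization: Bearer"; secret=$GR_ACCESS_TOKEN
    else
        echo "set GR_API_KEY or GR_ACCESS_TOKEN" >&2; return 1
    fi
    # Assumed allow-list: token characters only, so a quote or line break
    # cannot escape the quoted config value or inject an extra header.
    case $secret in
        *[!A-Za-z0-9._~+/=-]*) echo "credential has illegal characters" >&2; return 1 ;;
    esac
    printf 'header = "%s %s"\n' "$name" "$secret"
    if [ -n "${GR_MAX_DOMAIN:-}" ]; then
        dom=$(gr_domain "$GR_MAX_DOMAIN") || return 1
        printf 'header = "X-Domain: %s"\n' "$dom"
    fi
}

# Usage (not executed here):
#   gr_auth_config | curl --config - https://api.getresponse.com/v3/accounts
```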