Authentication

You'll need to authenticate your requests to access any of the endpoints in the Bento API. In this guide, we'll look at how authentication works. Bento authenticates your API requests using Basic authentication.

Basic authentication

To authenticate, use your publishable_key as the username and your secret_key as the password. This method ensures that your credentials remain safe while interacting with the API.

To scope your requests by site, utilize your site_uuid (commonly referred to as the Site Key). You can easily locate this unique identifier in your site settings or by clicking the gear icon on your site. Additionally, the site_uuid is readily available on your API keys page.

To provide the username password in the header of your request you will need to Base64 encode it, publishable_key + secret_key.

Here's an example of authenticating using cURL:

curl -L -X GET 'https://app.bentonow.com/api/v1/fetch/tags?site_uuid=YourSiteUUID1234' \
-H 'Accept: application/json' \
-H 'Authorization: Basic MyUserPasswordEncodedBase64'

Please don't commit your Keys to GitHub or any other source control!

If you ever make a mistake or believe the keys have been exposed revoke them in your team dashboard and issue a new set.

By adhering to these guidelines, you can effectively and securely manage API interactions, whether you’re working on a single site or juggling multiple accounts. Remember, safeguarding your API keys is paramount to maintaining the integrity and security of your data, so always handle them with care.

Using an SDK

If you use one of our official SDKs, you won't have to worry about any of the above — fetch your access keys from the Bento dashboard under settings, and the client library will take care of the rest.