API Authentication

🚧
Organization-level authentication is deprecated
Organization-level keys are deprecated as of March 2022. Please use user-level authentication as described below.

All API requests must be executed over HTTPS. Calls made over plain HTTP will fail.

All API requests should include an authorization header with a valid Bearer token in the format 'Bearer <your_user_api_key>' .

The user API Key can be found within your Rotabull account at the bottom of the Integration Settings and uniquely identifies your user account:

Machine Users

If you would like to integrate with our API exclusively for read-only automation use cases, we recommend creating a Machine User in your organization and authenticating with the API using this account. This will allow you to interact with the API without attributing requests to individuals who typically use the Rotabull web interface.

A Machine User is a regular Rotabull account, but created with the sole purpose of working with the API. You would likely want to set the email for the account to be that of the developer or team working on the integration. In the future, we anticipate releasing some changes that will allow you to restrict the functionality a Machine User account has access to on the web application.

Token Refreshes

If you would like to cancel an API Token which is currently in use for any reason, please contact support@rotabull.com and we'd be happy to issue you a new one.