API Client
Access the Suger API via the API Client Auth
Overview
To access the Suger API for integration purposes, it requires an API Client for authentication.
- Each organization can create up to FIVE API Clients.
- If your organization needs additional API Clients with specific justifications, please contact our support team at support@suger.io. We are available to help you manually add extra API Clients to your organization
Create API Client With API Key
- Visit the settings page of your organization. Find the
API Client
section as shown below. - Click the button
CREATE API CLIENT
and selectAPI_KEY
as the Auth Type. Please store theAPI Key
carefully in a safe place, since it only shows once.
Use API Key to Access Suger API
- In order to access the suger API, you should include the
API Key
in the HTTP request header under theAuthorization
field, with the formatKey ...
. For example,
curl -L -X GET
'https://api.suger.cloud/org/sugerOrgId/user'
\
-H
'Content-Type: application/json'
\
-H
'Authorization: Key 673d5b018d472f...'
- Creating a new API client with bearer token is no longer supported. Instead, please create a new API client with API key.
- Existing API clients that use a bearer token can still be utilized to access the Sugar API without any disruption.
- Visit the settings page of your organization. Find the
API Client
section as shown below. - Click the button
CREATE API CLIENT
and selectBEARER_TOKEN
as the Auth Type. Please store theClient Secret
carefully in a safe place, since it only shows once.
Get / Refresh Bearer Token
- Send a
POST
request tohttps://api.suger.cloud/public/apiClient/accessToken
following the API Auth Reference
curl -L -X POST
'https://api.suger.cloud/public/apiClient/accessToken'
\
-H
'Content-Type: application/json'
\
-d
'{
"organizationID": "your-suger-organization-id",
"id": "your-API-client-id",
"secret": "your-API-client-secret"
}'
- If succeed, you shall receive
200 OK
response with payload like below. The default expiration time of token is1 hour
{
"access_token"
:
"eyJhbGciOiJSUzI1NiIsInR5cCI6I..."
,
"expires_in"
:
3600
,
"expires_on"
:
"2023-05-15T04:41:58.670945Z"
,
"token_type"
:
"Bearer"
}
Use Bearer Token to Access Suger API
- In order to access the suger API, you should include a
bearer token
in the HTTP request header under theAuthorization
field, with the formatBearer ...
. For example,
curl -L -X GET
'https://api.suger.cloud/org/sugerOrgId/user'
-H
'Content-Type: application/json'
\
-H
'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6I...'
Rotate API Client Secret / API Key
Suger doesn't save your Client Secret
or API Key
. If you forget or lose it, the API client has to be rotated with a new secret or API Key. Click the rotate secret icon to do it. Once the Client Secret
or API Key
is rotated, the old one will be invalid immediately.
Delete API Client
Click the delete icon to delete the API client. Then you are available to create a new one.