Authentication

There are three ways to log into the Tender API: API Token, SSO token (this is deprecated), or email/password.

API Token

This is the preferred way to use the API. Supporters can use their own API key to post as anyone else, so it's not necessary (or desirable) to authenticate as a user to post discussions or replies as that user.

You can find your API token on your profile edit page. You can plug the token in through a X-Tender-Auth header or the auth GET parameter:

> curl -H "Accept: application/vnd.tender-v1+json" \
  https://api.tenderapp.com/yoursite?auth=abc123

> curl -H "Accept: application/vnd.tender-v1+json" \
  -H "X-Tender-Auth: abc123" \
  https://api.tenderapp.com/yoursite

SSO Token

Please note that this method of API authentication is deprecated and may be removed in the future. SSO should only be used for logging your users into your Tender support web site.

If you can generate your own SSO Multipass token, then you can use it to authenticate with the API. You can either send it in a X-Multipass header, or the sso GET param.

> curl -H "Accept: application/vnd.tender-v1+json" \
  https://api.tenderapp.com/yoursite?sso=abc123

> curl -H "Accept: application/vnd.tender-v1+json" \
  -H "X-Multipass: abc123" \
  https://api.tenderapp.com/yoursite

Email/Password

This method is not recommended if you don't control where the password is being stored. Just specify your login info with standard HTTP Basic Authentication parameters:

> curl -H "Accept: application/vnd.tender-v1+json" http://api.tenderapp.com/help
Invalid email/password

# use valid login
curl -H "Accept: application/vnd.tender-v1+json" -u "EMAIL:PASSWORD" https://api.tenderapp.com/yoursite
{...}

# if using https, login this way, and you must escape the '@' in the EMAIL to '%40'
curl -H "Accept: application/vnd.tender-v1+json" https://EMAIL:PASSWORD@api.tenderapp.com/yoursite
{...}