Authentication
There are three ways to log into the Tender API: API Token, SSO token (this is deprecated), or email/password.
API Token
This is the preferred way to use the API. Supporters can use their own API key to post as anyone else, so it's not necessary (or desirable) to authenticate as a user to post discussions or replies as that user.
You can find your API token on your profile edit page. You can
plug the token in through a X-Tender-Auth header or
the auth GET parameter:
> curl -H "Accept: application/vnd.tender-v1+json" \
https://api.tenderapp.com/yoursite?auth=abc123
> curl -H "Accept: application/vnd.tender-v1+json" \
-H "X-Tender-Auth: abc123" \
https://api.tenderapp.com/yoursite
SSO Token
Please note that this method of API authentication is deprecated and may be removed in the future. SSO should only be used for logging your users into your Tender support web site.
If you can generate your own SSO Multipass token, then
you can use it to authenticate with the API. You can either send it
in a X-Multipass header, or the sso GET
param.
> curl -H "Accept: application/vnd.tender-v1+json" \
https://api.tenderapp.com/yoursite?sso=abc123
> curl -H "Accept: application/vnd.tender-v1+json" \
-H "X-Multipass: abc123" \
https://api.tenderapp.com/yoursite
Email/Password
This method is not recommended if you don't control where the password is being stored. Just specify your login info with standard HTTP Basic Authentication parameters:
> curl -H "Accept: application/vnd.tender-v1+json" http://api.tenderapp.com/help
Invalid email/password
# use valid login
curl -H "Accept: application/vnd.tender-v1+json" -u "EMAIL:PASSWORD" https://api.tenderapp.com/yoursite
{...}
# if using https, login this way, and you must escape the '@' in the EMAIL to '%40'
curl -H "Accept: application/vnd.tender-v1+json" https://EMAIL:PASSWORD@api.tenderapp.com/yoursite
{...}