Authentication
There are three ways to log into the Tender API: API Token, SSO token (this is deprecated), or email/password.
API Token
This is the preferred way to use the API. Supporters can use their own API key to post as anyone else, so it's not necessary (or desirable) to authenticate as a user to post discussions or replies as that user.
You can find your API token on your profile edit page. You can plug the token in through a X-Tender-Auth header or the auth GET parameter:
> curl -H "Accept: application/vnd.tender-v1+json" \
https://api.tenderapp.com/yoursite?auth=abc123
> curl -H "Accept: application/vnd.tender-v1+json" \
-H "X-Tender-Auth: abc123" \
https://api.tenderapp.com/yoursite
SSO Token
Please note that this method of API authentication is deprecated and may be removed in the future. SSO should only be used for logging your users into your Tender support web site.
If you can generate your own SSO Multipass token, then you can use it to authenticate with the API. You can either send it in a X-Multipass header, or the sso GET param.
> curl -H "Accept: application/vnd.tender-v1+json" \
https://api.tenderapp.com/yoursite?sso=abc123
> curl -H "Accept: application/vnd.tender-v1+json" \
-H "X-Multipass: abc123" \
https://api.tenderapp.com/yoursite
What Happens When a Token Expires
When you attempt to use an expired API token, you'll receive an error response:
HTTP/1.1 401 Unauthorized
Content-Type: application/json
{
"error": "API token has expired. Please generate a new token from your account settings."
}
Generating a New Token
To generate a new API token:
- Log in to your Tender account
- Go to your user profile.
- Click Reset API Token
- Your new token will be displayed with a fresh 1-year expiration
Important: When you reset your token, your old token is immediately invalidated. Make sure to update all applications and integrations using the old token.