Authorization Headers, Organization Secret, and User Secret

Authenticate your account by including your User Secret and either your Organization Secret, Adapter Instance Token, or both in the Authorization header of API requests. 

Always refer to the Authorization parameters of the API docs for each request, but in general:

  • Platform API Requests: Include the User Secret and Organization Secret.
  • Adapter API Requests: Include the User Secret and Adapter Instance Token.
  • Some API requests require all three.

Pass the authorization parameters as part of an Authorization parameter, for example:

curl -X GET \ \
  -H 'authorization: User sAfK7LJGNz5ZHcNrvdJvLI=f03WbTbH6aRKc0HJ3oOIi, Organization 58168435e3b9959a929eb04b6218b9a2, Element yCCtl7Pqx0E4Qf6MBFXxT+/QcbogS1q1Deyw+1vSW=A3' \
  -H 'Content-Type: application/json' 

When you create an account with us, we assign you an Organization Secret and a User Secret. An Organization is a customer account of Sugar (/organizations), while a user  (/user) is an individual within an organization. The User and Organization secrets represent your account with Sugar Integrate.

Finding Your Secrets and Token

To find your Organization and User Secret open the profile menu on the lower left side of the page.

To find your Adapter Instance Token:

  • Go to the Instances page and look at the Token column.
  • Navigate to the adapter card, and then click View Token.
  • Make a GET /instances or GET /instances/{id} request and look for token in the response.

If you need to reset your user token, see Manage Security Settings.