Authentication overview

All requests to Rebrandly API need to be authenticated.

Supported authentication methods are:

Depending on your integration pattern, you might find one method easier than the other.

For example, if you are willing to operate maintenance on your own Rebrandly account, the most straightforward method is to create a new API key and to start using it in your scripts.
API keys are disposable so that you can manually create and delete them once you are done with your task.

📘

Pro tip: use multiple Rebrandly accounts

It would be better to create a separated Rebrandly account for developers in your organization. You can invite them to join as members of your organization's Rebrandly Workspaces and they can create disposable API keys from their developer accounts and use them to interact programmatically with your workspaces.

By contrast, if you are going to interact with Rebrandly API on behalf of another Rebrandly account in your web application, you might want to set up a way for the other user to automatically provide you with a valid authentication method on the fly, without requiring such user to create an API key and share it with you (which is not the safest possible option).

The recommended flow for this case is to integrate your web application with Rebrandly Authentication system so that you can redirect users to Rebrandly and have them authenticated using their credentials, and Rebrandly will manage to redirect them back to your web application providing you with a temporary token you can use to interoperate with the Rebrandly API.


What’s Next