Hi all,

I'm looking for a way to authenticate an admin and/or client with the API.

I don't understand the security system with the API key.

I made a little test to create a client, and I didn't need to authenticate myself, simply send my API key.

If I make an application and put my API key inside, and people decompile it, they could use my API key.

What is the solution?

Thanks in advance,


StefForum, 7 years ago

Hmm, after a little investigation I decided to do this:

Create an account database on my own server with client accounts and clientID.

But the problem is the same.

I'll explain better (I hope).

If I have an Adobe AIR application (or Flash/Flex), I can make a login form to identify the user on my server and get the clientID from this.
But for some Campaign Monitor I need the API key; I can send the API key when the user connects, but with simple software like Charles, Ethereal or others, I can see the API key.

With this API key, I can do what I want on Campaign Monitor without logging in; if I can get the API key of another user, I can perform all the API actions with this account .....

Do you have a solution for this?

Sure, I can use my own proxy (myApp -> myServer with PHP Campaign Monitor API -> Campaign Monitor action -> myServer -> myApp), but it's not a good way .....
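The proxy arrangement mentioned in the post above (myApp -> myServer -> Campaign Monitor), sketched as an added example that is not part of the thread or of Campaign Monitor's code: the app only ever holds a short-lived signed session token, and the API key is attached on the server. The function names, the action names, the token format and the placeholder key are assumptions made for illustration, and no real API call is made.

```python
import hashlib
import hmac
import os
import time

# Assumed names and values, constructed for this example.
API_KEY = os.environ.get("CM_API_KEY", "constructed-placeholder-key")  # server only
TOKEN_SECRET = os.urandom(32)   # signing key for session tokens, never sent out
TOKEN_TTL = 900                 # seconds a session token stays valid
ALLOWED_ACTIONS = {"subscriber.add", "subscriber.remove"}  # hypothetical names


def _sign(payload):
    return hmac.new(TOKEN_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(client_id, now=None):
    """Issued after the user logs in against the server's own account database."""
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    payload = f"{client_id}|{expires}"
    return f"{payload}|{_sign(payload)}"


def verify_token(token, now=None):
    """Return the clientID bound to the token, or None if forged or expired."""
    try:
        client_id, expires, sig = token.rsplit("|", 2)
    except ValueError:
        return None
    expected = _sign(f"{client_id}|{expires}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    # The signature matched, so `expires` is the integer the server wrote.
    if (now if now is not None else time.time()) >= int(expires):
        return None
    return client_id


def build_upstream_request(token, action, params, now=None):
    """Decide what the server forwards; the app never receives API_KEY."""
    client_id = verify_token(token, now)
    if client_id is None:
        return {"status": 401, "error": "invalid or expired session"}
    if action not in ALLOWED_ACTIONS:
        return {"status": 403, "error": "action not permitted"}
    # clientID comes from the verified token, never from the request body.
    return {"status": 200, "forward": {"api_key": API_KEY, "client_id": client_id,
                                       "action": action, "params": dict(params)}}
```

A token captured with a traffic inspector such as Charles is limited to the bound clientID, the allowed actions and the expiry time, whereas a captured API key is not limited in any of those ways.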

Alex D, 7 years ago

I have been beating this drum for a while.. Apparently there is a solution in the works.

See This Post

Alex Duffield - Owner
InControl Solutions
