Hi  all,

i m looking for the way to authenticate   admin and / or  client with the api.

I don t  understand  the security system with the apikey.

I made a little test, for create client and  i didn't need to authenticate me, simply send my apikey.

If  i  made an application, and put  my apikey inside  if  people decompil it  he could be use my  apiKey.

What  is  the solution  ?

thanks  by advance,


StefForum, 8 years ago

Hum,  after little  invstigation i decide  to do this.

create an account database  on my own server  with  client account and  clientID

But  problem  is the same.

i  explain  better ( i hope ).

If i have an adobe AIR application ( or flash / flex ), i can make a login form  for  ident  the user on my server  and get the clientID from this.
but for  some campaign monitor i need the  apiKey,  i can send the apiKey when the user connect, but  with  simple soft  like Charles, etherreal or other, i can see the  apikey. 

With this apikey, i can make  what i want on campaign monitor without log me, if  i can get an apikey of other  user  i can make  all the api actions with this account .....

Do you have solution for this ?

Sure i can use my own  proxy myApp->myServer with php campaign monitor api-> campaign monitor action  -> myServer -> myApp but it s  not  a good way .....

Alex D, 8 years ago

I have been beating this drum for a while.. Apparently there is a solution in the works.

See  This Post

Alex Duffield - Owner
InControl Solutions

200,000 companies around the world can't be wrong.

From Australia to Zimbabwe, and everywhere in between, companies count on 
Campaign Monitor for email campaigns that drive real business results.

Get started for free