Hi, we have several clients in our own "white labelled" version of Campaign Monitor. Now one of them wants to use the Drupal API plug-in on their own website. I'd rather not give them OUR API key, but rather give them their own (so they don't have the ability to access information about our other clients).
How can I do this?
Thanks a lot,
Hey there Johnny, this is a tricky one - in some situations, the Client ID may suffice, but your best bet is to get in touch with the plugin developer and see what can be done. We too wouldn't recommend giving away your API key, either!
I just wanted to add that there is actually a per-client API key that you can get via this API method, using the client's login details.
This works exactly like the master API key, except it only gives access to that one client. So that's a safer one to give them, for use with the Drupal plugin.
Thanks a lot for the help, Stig! That's great to know.
Hi, I've passed this onto the Client's Web Developer. I've had a quick look myself and all I seem to get from the API is:
"Code":105,"Message":"Your login URL, username and password combination is incorrect."
I'm sending the following:
curl -u "username:passwordBase64" https://api.createsend.com/api/v3/apikey.json?siteurl=http://sitelogin.createsend.com
Everything is definitely correct, but I still get the above message? :(
Sorry about the confusion there. In the siteurl parameter at the end, you actually need to replace http://sitelogin.createsend.com with the URL to your account. Does that work better?
Yes, I did realise that :) Unfortunately, even with the correct site parameter, I get the same result :(
I've even tested it with several different accounts, with various levels of privilege :(
Hm, that's quite odd then! Do you get the same error if you try opening the URL directly in a browser?
No, the site parameter works fine as a URL in itself :-/ I guess I must be doing something else wrong (?). I'm right to encode the password in Base64?
Aha! It seems that you DON'T have to encode your password in Base64, you just send it plain text. Also, the user must have SOME privileges for the API key to be generated -- you can't just have an account with no privileges.
Ah, nice catch Johnny, sorry we didn't notice what was causing the errors. Great to hear you did get it working in the end!