We've recently signed someone up to CM. Their developer wants to access the API. Will giving them this documentation give away the fact we're using CM? Just worried that we'll give them the code to do what they want to (cart abandonment strategy) and they'll just decide to CM direct.
Hi Kris2, this is an interesting situation. While our API methods use the createsend.com domain, pointing the developer to our public docs will obviously give away our identity. Also, copying and pasting the necessary methods from our docs and handing over your API key may present even bigger issues.
First of all, googling api.c-s-.com returns our API docs. This is a hard one to avoid, as we do have to keep our docs public.
Then, in giving the developer your API details, you're pretty much giving them full control of your account. This is pretty serious if you have other clients (and opens up your account to abuse), so please keep this security risk in mind.
So as you can see, we're in a bit of a jam. Potentially you can start a new account specifically for this client, however with your API details in the open you're pretty much handing over administrator rights and there's no guarantee that you will be able to protect your white label status.
Sorry I don't have a definitive solution here, but if you do hand over API details to a 3rd party, I'd strongly recommend using a separate account. Let us know if you have any questions about the above :)
Eeek! Really? Thank goodness we haven't handed it over. Could I confirm here - if I give the client their individual api key (not our overall api key) will this really mean that they'd gain access to all of our clients in
Hi Kris, actually, you're onto something - the client API key may suffice and will mean that the dev can't access the other clients in the account. I'm sorry for overlooking this. You may be interested in this earlier conversation on this topic - if you have any questions, be sure to let us know :)