API developer access
In order to start using the SpotMe API, you will need to ask your SpotMe organization administrator for an API Developer access. This is done at the organization level, not at the Backstage user or workspace level.
SpotMe uses "bearer authentication" for protected API calls.
Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens, called bearer tokens, and was originally created as part of OAuth 2.0.
The name "bearer authentication" can be understood as to "give access to the bearer of this token".
The bearer token is a cryptic string, generated from the Backstage user as described below.
Getting a token
- Once you are granted an API Developer access, log in to Backstage at https://backstage.spotme.com/.
- Once you are logged into Backstage, click on your initials located at the bottom left corner of the screen, and then click on your name:
- Click on the API tokens tab, and then on Create a token:
- A window will appear asking for an identifier for your new token. Enter the application name as the identifier, and then click on Create:
- A new popup with your new token (string of characters) will be displayed.Please note that this will be the only time you will ever see your token, so, please take note of it in a secure place:
- Click Dismiss to close the token window.
In order to delete a token, click on the delete button showing in red:
Using a token
In order to send a secured request, every API call must include an authorization header:
Authorization: Bearer <token>.
Where <token> is the token you generated in the previous step.
- The token is valid for 5 years.
- The token is valid for all the workspaces that its creator has access to.
- The token is personal, do not share it with other people.
For a general list of available API endpoints, please check api.spotme.com.
For a full list of the available API endpoints, please check your workspace API page.
Next: Read our SpotMe API basics article.