All API endpoints are authenticated using API keys via the x-api-key header. There are 2 types of API keys supported:
- User based access tokens, to initiate user based activities such as earn, redeem and get status actions. These tokens are returned as part of the access/token/exchange API flow following the connect SDK onSuccess callback.
- Partner API keys, which you can generate through the dashboard in your developer settings page on Pilot, for all non user based interactions like retrieving campaign and partner information.
Note that user tokens are short lived and must be refreshed using the access/token/refresh API endpoint before they expire. User tokens are typically valid for 90 days. If a token has expired, you will get a 401 error from the relevant API endpoint. You can refresh the token using the access/token/refresh API endpoint.
In APIs that support user_id or user_external_ids, you can either use the Partner API key and explicitly specify the user_id, or use the user based access token and omit these parameters since they are distinguished through the access token
Partner API key or User access token
