Authentication

All requests to the TallyMark API's require you to authenticate yourself to the service. In order to do this you must send the correct HTTP headers with the correct API token.

  • Tenant Id — x-tenant-id

  • Api Key — x-api-key

  • Api Secret — x-api-secret

Each of these header elements can be created and accessed in the TallyMarks console by console Administrative users.

API keys grant access to your TallyMarks account and should be protected the same way you would protect your password.

Note the following common scenarios and keep these in mind when working with your API keys:

  • Give each integration its own API key, and assign a name to each so you know which key goes with which application. If a specific API key (client/secret) is compromised, you can disable that key without disabling all of the other integrations.

  • Take care not to expose the key to the public.

  • Because of the potential security risks associated with exposing account API keys, TallyMarks does not support client-side implementation of our API.

  • If a key needs to be shared, generate a new key and label it accordingly so it can be disabled, if needed. Never email the API key, because it would allow access to your TallyMarks account if your email account is compromised.

In the case that you execute a request with wrong or missing headers, you will receive an HTTP Response 401 (Unauthorized).

PreviousWeb HooksNextError Handling

Last updated