For most integration projects, you’ll likely want to have an API key assigned to a user. This key allows you to skip the step of creating a session and is passed into calls using the x-acme-api-key header.
WARNING: You should never send your normal API key (x-acme-api-key) or a session key (x-acme-session) in a call directly from your frontend to ACME's backend as this is like publishing your ACME username and password. Any integrations found to be using exposed API keys will be deactivated by ACME.
API keys should ONLY be assigned to username-only users and we recommend creating a clearly-identifiable, integration-specific user for each integration. Examples would include:
Note: Only ACME Clients can request API Keys. System integrators and third-party vendors should reach out to their venue contact to have them request a key.
Requesting an API Key
- Create a username-only user following the naming convention above in your Sandbox andProduction Environments.
- Provide any password you want and store it securely for your own reference.
- Add whatever user permissions needed for this API user. Permissions can be be updated after an API key is generated, if needed.
- If you are a new on-boarding client working in Sand1, you may not have access to your Production environment yet. Please create the API user in Sand1 and work with your CSM to create a corresponding Production API user.
- Email api-help with the following information:
- Sandbox User ID (found in the URL of the user account):
- Production User ID:
- Specify which sandbox you are testing in:
- If you are working with a 3rd party and would like to create separate user accounts so they can directly access ACME Back Office, please provide the email domain(s). All non-client email domains must be safelisted before you can invite those users to ACME Back Office.
- Once your request has been submitted to firstname.lastname@example.org, the requested API keys will be generated and emailed directly to the requester.