For most integration projects, you’ll likely want to have an API key assigned to a user. This key allows you to skip the step of creating a session and is passed into calls using the x-acme-api-key header.
WARNING: API keys should be kept secret just as you would a username and password. Anyone who has an API key will be able to access, via API, any area of the system for which the user has permission.
API keys should ONLY be assigned to username-only users and we recommend creating a clearly-identifiable, integration-specific user for each integration. Examples would include:
Note: Only ACME Clients can request API Keys. System integrators and third-party vendors should reach out to their venue contact to have them request a key.
Requesting an API Key
- Create a username-only user following the naming convention above in your Sandbox and Production Environments.
- Provide any password you want and store it securely for your own reference.
- Add whatever user permissions needed for this API user. Permissions can be be updated after an API key is generated, if needed.
- If you are a new on-boarding client working in Sand1, you may not have access to your Production environment yet. Please create the API user in Sand1 and work with your CSM to create a corresponding Production API user.
- Email api-help with the following information:
- Sandbox User ID (found in the URL of the user account):
- Production User ID:
- Specify which sandbox you are testing in:
- If you are working with a 3rd party and would like to create separate user accounts so they can directly access ACME Back Office, please provide the email domain(s). All non-client email domains must be safelisted before you can invite those users to ACME Back Office.
- Once your request has been submitted to firstname.lastname@example.org, the requested API keys will be generated and emailed directly to the requester.