Set up an API user
Protect your API credentials
API credentials must be treated as sensitive data, and never be distributed to your customers, or anyone else who does not have legitimate cause to require them. For example, do not embed them on a website, or in a mobile application. If you do, someone malicious could use those credentials to access, edit, or delete your customer data, or send spam or other harmful content which appears to come from your organisation.
Data breaches as a result of such an action could incur large financial penalties. We have some guidance around data legislation for different parts of the world in our Help Centre here, but you must also seek your own legal counsel to ensure you have adequate data protection processes in place.
To get started using our API, you need to create an API user. These API user credentials (username and password) are required to authenticate each operation/method call you make and to make sure you are connected to the correct account.
User permissions
To create an API user, you must be an account owner, or a managed user with the Can manage account permission enabled.
To create an API user:
- Log in to Dotdigital with your normal login credentials.
- Expand the User menu in the bottom left and go to Settings > Access > API users
- Select NEW USER.
- The username (email address) is automatically generated for you and must not be edited. You can add a description to differentiate between API users, which is useful if you have more than one.
- Enter a password and confirm it. Your password must be at least eight characters in length and contain at least one digit or non-alphanumeric character. Please avoid including your email address or company name as part of your password.
- For Status, select Enabled.
- Select SAVE.
Find out more about API User management
If you want to know more about API user management, check out the Help Centre article Edit or delete an API user.
You can only access the API using your API user credentials, although you can have more than one API user per Dotdigital account.
Please note: When creating API users, it's best practice to create one user per system (for instance, one for a Magento integration and another one for a Dynamics integration) and not share an API user for different integrations. This makes it easier to revoke individual API users should you need to, as well as isolate and diagnose problems with integrations.
Updated 6 months ago