EXM authenticates your API requests using your account’s API tokens. Most EXM APIs require authentication, for those, you must pass an API token with each request. If you do not include your API token when making an API request, or use one that is incorrect or disabled, EXM returns an error.
EXM tokens are secret, this means they should be kept confidential and only stored on your servers. Your account's secret API token can perform any API request with EXM-authentication based functionalities.

Protecting Your API Tokens

  • Keep your token safe. Your token is a direct identifier to your account and access key to EXM functionalities such as write operations. Do not store your token in your version control system. Do not use your token outside of a server such as a browser or a mobile app.
  • Do not embed your token directly in your code. Instead of putting them directly in your code, use environment variables or secret file system that are not related to your code source code.

Using Your API Tokens

All requests that require a token need the token to be passed in form of query parameters. For example: http://localhost/module?token=MyAPIToken