Suger

API Client

Access the Suger API via the API Client Auth

Overview

To access the Suger API for integration purposes, it requires an API Client for authentication.

Each organization is limited to one API Client. If your organization wishes to create a new one, the existing API Client must be deleted first.
If you require multiple API Clients within your organization for specific reasons, please reach out to our support team at support@suger.io. We can assist you in adding additional API Clients to your organization manually.

Create API Client With Bearer Token

Visit the settings page of your organization. Find the API Client section as shown below.
Click the button CREATE API CLIENT and select BEARER_TOKEN as the Auth Type. Please store the Client Secret carefully in a safe place, since it only shows once.

Get / Refresh Bearer Token

Send a POST request to https://api.suger.cloud/public/apiClient/accessToken following the API Auth Reference

curl -L -X POST 'https://api.suger.cloud/public/apiClient/accessToken' \-H 'Content-Type: application/json' \-d '{    "organizationID": "your-suger-organization-id",    "id": "your-API-client-id",     "secret": "your-API-client-secret"}'

If succeed, you shall receive 200 OK response with payload like below. The default expiration time of token is 1 hour.

{  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6I...",  "expires_in": 3600,  "expires_on": "2023-05-15T04:41:58.670945Z",  "token_type": "Bearer"}

Use Bearer Token to Access Suger API

In order to access the suger API, you should include a bearer token in the HTTP request header under the Authorization field, with the format Bearer .... For example,

curl -L -X GET 'https://api.suger.cloud/org/sugerOrgId/user' \-H 'Content-Type: application/json' \-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6I...'

Create API Client With API Key

Visit the settings page of your organization. Find the API Client section as shown below.
Click the button CREATE API CLIENT and select API_KEY as the Auth Type. Please store the API Key carefully in a safe place, since it only shows once.

While the API Key does not expire unless deleted or rotated, for security reasons we recommend using the Bearer Token instead.

Use API Key to Access Suger API

In order to access the suger API, you should include the API Key in the HTTP request header under the Authorization field, with the format Key .... For example,
```
curl -L -X GET 'https://api.suger.cloud/org/sugerOrgId/user' \-H 'Content-Type: application/json' \-H 'Authorization: Key 673d5b018d472f...'
```

Rotate API Client Secret / API Key

Suger doesn't save your Client Secret or API Key. If you forget or lose it, the API client has to be rotated with a new secret or API Key. Click the rotate secret icon to do it. Once the Client Secret or API Key is rotated, the old one will be invalid immediately.

Delete API Client

Click the delete icon to delete the API client. Then you are available to create a new one.

Get Started

Resources

Get Started

Webhook

Table of Contents

Overview
Create API Client With Bearer Token
Get / Refresh Bearer Token
Use Bearer Token to Access Suger API
Create API Client With API Key
Use API Key to Access Suger API
Rotate API Client Secret / API Key
Delete API Client