Suger

API Client

Access the Suger API via the API Client Auth

Overview

To access the Suger API for integration purposes, it requires an API Client for authentication.

Create API Client With API Key

  1. Visit the settings page of your organization. Find the API Client section as shown below.

  2. Click the button CREATE API CLIENT and select API_KEY as the Auth Type. Please store the API Key carefully in a safe place, since it only shows once.

Use API Key to Access Suger API

  • In order to access the suger API, you should include the API Key in the HTTP request header under the Authorization field, with the format Key .... For example,

    curl -L -X GET 'https://api.suger.cloud/org/sugerOrgId/user' \
-H 'Content-Type: application/json' \
-H 'Authorization: Key 673d5b018d472f...'

Create API Client With Bearer Token

  1. Visit the settings page of your organization. Find the API Client section as shown below.

  2. Click the button CREATE API CLIENT and select BEARER_TOKEN as the Auth Type. Please store the Client Secret carefully in a safe place, since it only shows once.

Get / Refresh Bearer Token

Send a POST request to https://api.suger.cloud/public/apiClient/accessToken following the API Auth Reference.

curl -L -X POST 'https://api.suger.cloud/public/apiClient/accessToken' \
  -H 'Content-Type: application/json' \
  -d '{
    "organizationID": "your-suger-organization-id",
    "id": "your-API-client-id",
    "secret": "your-API-client-secret"
  }'

If successful, you shall receive a 200 OK response with payload like below. The default expiration time of the token is 1 hour.

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6I...",
  "expires_in": 3600,
  "expires_on": "2023-05-15T04:41:58.670945Z",
  "token_type": "Bearer"
}

Use Bearer Token to Access Suger API

  • In order to access the suger API, you should include a bearer token in the HTTP request header under the Authorization field, with the format Bearer .... For example,

    curl -L -X GET 'https://api.suger.cloud/org/sugerOrgId/user' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6I...'

Rotate API Client Secret / API Key

Suger doesn’t save your Client Secret or API Key. If you forget or lose it, the API client has to be rotated with a new secret or API Key. Click the rotate secret icon to do it. Once the Client Secret or API Key is rotated, the old one will be invalid immediately.

Delete API Client

Click the delete icon to delete the API client. Then you are available to create a new one.