Skip to main content
Authenticating with the tipee API involves generating an API key through the tipee application interface and then using that key in your API requests.

🔑 Setup and API key generation

Before making API calls, you need to configure API access within your tipee instance and generate an API key. This setup process requires administrative privileges in tipee.
  1. Enable API Access: An administrator must first enable API access for the specific tipee instance.
  2. Create an Integration: Create a dedicated integration principal within the tipee application. This integration acts as the identity for your API interactions.
  3. Assign Roles/Permissions: Assign appropriate roles and permissions to the newly created integration. Without assigned permissions, the integration will not have the necessary access to read or modify any resource via the API, even if authentication is successful.
  4. Generate API Key: Generate an API key specifically for this integration. This key will be used to authenticate all subsequent API requests made by this integration.
Note: Detailed, step-by-step instructions for enabling API access, creating integrations, and managing API keys are available in the tipee Help Center (a link can be added here). This process must be performed by a user with administrative access. Treat your API key like a password – keep it confidential and secure. Do not embed it directly in client-side code or commit it to version control.

🚀 Making authenticated requests

Once you have a valid API key, you must include it in the Authorization header for every request made to the tipee API, using the Bearer authentication scheme. The header should be formatted as follows: 
Authorization: Bearer <YOUR_API_KEY>
Requests without a valid Authorization header or with an incorrect/inactive key will be rejected. If authentication fails, the API will typically respond with:
  • 401 Unauthorized: This usually indicates that the API key is missing, invalid, or expired.
  • 403 Forbidden: This generally means the API key is valid, but the associated integration does not have the necessary permissions to perform the requested action on a specific resource. Check the roles assigned to the integration in tipee.