Authentication

Tremendous supports two methods of authenticating with the API. The vast majority of applications should be handled with an API key. Multi-user apps will want to utilize OAuth.

  • Use an API key to gain programmatic access to your Tremendous account. 95%+ of Tremendous integrations use an API key.
  • Use OAuth 2.0 when you want to build an app with programmatic access to multiple Tremendous accounts. Users will connect their Tremendous app to yours, granting you the ability to send rewards on their behalf. This is useful for platforms and complex use cases.

Authorization header structure

Regardless of whether you use an API key or obtain an access token through OAuth 2.0, Tremendous uses bearer authentication, where each request must include an HTTP header with your credential. The header looks like this:

Authorization: Bearer API-KEY-OR-OAUTH-ACCESS-TOKEN

The name of the header is Authorization. The value of the header is the string Bearer, followed by a single space, followed by your API key or OAuth access token.

An authenticated request looks like this:

curl --header 'Authorization: Bearer YOUR-API-KEY' \
     --url 'https://testflight.tremendous.com/api/v2/organizations'
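
A credential typed directly into the curl command line ends up in shell history and is visible in the process list while the request runs. The following is an added example, not part of the Tremendous documentation: it builds the same header from an environment variable and passes it to curl on stdin. The variable name TREMENDOUS_API_KEY and the function names are assumptions, and `--header @-` requires curl 7.55.0 or later.

```shell
#!/bin/sh
# Added example. TREMENDOUS_API_KEY and all function names are assumptions,
# not names defined by Tremendous.

# Print the Authorization header line for the credential in $1.
# Fails if the credential is empty or contains whitespace or control
# characters: the header is "Bearer", one space, then the credential, so
# anything else would corrupt the header or inject additional header lines.
tremendous_auth_header() {
    cred=$1
    case $cred in
        '' | *[[:space:]]* | *[[:cntrl:]]*)
            echo 'credential is empty or contains whitespace/control characters' >&2
            return 1 ;;
    esac
    printf 'Authorization: Bearer %s\n' "$cred"
}

# Mask the credential before a header line is written to a log.
redact_auth_header() {
    printf '%s\n' "$1" | sed 's/^\(Authorization: Bearer \).*/\1[REDACTED]/'
}

# GET a path under the sandbox base URL shown on this page.
tremendous_get() {
    header=$(tremendous_auth_header "${TREMENDOUS_API_KEY:-}") || return 1
    # printf is a shell builtin and curl reads the header from stdin (@-),
    # so the key never appears in any process's argument list.
    printf '%s\n' "$header" |
        curl --silent --show-error --fail --header @- \
             --url "https://testflight.tremendous.com/api/v2/$1"
}

# Usage (after exporting TREMENDOUS_API_KEY): tremendous_get organizations
```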