Authorization header

Every call to Splio Marketing Automation API needs to authenticated. To do so the call needs to have Authorization header with a valid JWT token in it. The header should look like Authorization: Bearer XXX.YYY.ZZZ

This JWT token can only be provided by /authenticate endpoint, which requires an API Key./



  • We recommend to use an API key per connection system (e-commerce, PoS...) to allow system identification in case of investigation.
  • Do not authenticate for each API call you are making. The JWT Token is valid for 1 hour.
  • Never communicate your API key (even to our Customer Care team), the last 3 characters will suffice if we know the name of the universe).

Obtaining the API key in your Splio universe admin


This token will then be found in all API call you do afterward.


  1. go to /authenticate endpoint
  2. paste the previously fetched API key in api_key field
  1. click on Try it
  2. if your API Key is valid the call will end up as HTTP 200 and return a JWT token. This token is valid for 1 hour
  3. add this JWT token in the Authorization header before trying another endpoint. No need to add Bearer keyword.
  4. you are now authenticated and can Splio Marketing Automation endpoints