Authentication & rate limits
Generate an API token in your dashboard, then authenticate every management API request with it. The same token works for creating and updating recipes.
Try before you pay
You can see Any to Basket work before you pay a cent. As soon as your subscription exists, even before it is paid, you get dashboard access and the ability to create your API key, and every redirect link is already live (throttled to one visitor per minute). Click through a link yourself and you see exactly what your audience will get.
Adding and updating recipes is never throttled, so you can build everything out up front. Once the subscription is paid in full, the one-visit-per-minute limit on forwarding is lifted.
Note: No dashboard yet?
API integration is currently in beta. If you would like access, contact [email protected] instead of going through onboarding, and we will get you set up.
Getting an API token
Tokens are self service. Sign in to your dashboard, open Any to Basket → API Tokens and choose Generate API token. Pick the website you are integrating (it needs a running Any to Basket subscription) and give the token a name, for example "Production".
You only see the token once, right after you create it, so copy it straight away.
Authenticating requests
Send the token as a Bearer token in the Authorization header on every management API request:
Authorization: Bearer YOUR_API_KEYWarning: Keep your token server side
Never embed the token in client side code. The redirect link is the only thing your visitors should ever see.
Rate limits
The management API (creating and updating recipes) is limited to 60 requests per minute per token. Beyond that you receive 429 Too Many Requests; retry after a short pause.
Errors
Missing or invalid API key.
{
"message": "Unauthenticated."
}The key is valid, but there is no active Any to Basket subscription or the key has no Any to Basket access.
{
"message": "No running Any to Basket subscription for this website."
}Too many requests. The management API allows 60 requests per minute per token; retry after a short pause.
{
"message": "Too Many Requests"
}