Authentication & rate limits

Authentication & rate limits

Generate an API token in your dashboard, then authenticate every management API request with it. The same token works for creating and updating recipes.

Try before you pay

You can see Any to Basket work before you pay a cent. As soon as your subscription exists, even before it is paid, you get dashboard access and the ability to create your API key, and every redirect link is already live (throttled to one visitor per minute). Click through a link yourself and you see exactly what your audience will get.

Adding and updating recipes is never throttled, so you can build everything out up front. Once the subscription is paid in full, the one-visit-per-minute limit on forwarding is lifted.

Note: No dashboard yet?

API integration is currently in beta. If you would like access, contact [email protected] instead of going through onboarding, and we will get you set up.

Getting an API token

Tokens are self service. Sign in to your dashboard, open Any to Basket → API Tokens and choose Generate API token. Pick the website you are integrating (it needs a running Any to Basket subscription) and give the token a name, for example "Production".

You only see the token once, right after you create it, so copy it straight away.

Authenticating requests

Send the token as a Bearer token in the Authorization header on every management API request:

Request header
Authorization: Bearer YOUR_API_KEY

Warning: Keep your token server side

Never embed the token in client side code. The redirect link is the only thing your visitors should ever see.

Rate limits

The management API (creating and updating recipes) is limited to 60 requests per minute per token. Beyond that you receive 429 Too Many Requests; retry after a short pause.

Errors

Missing or invalid API key.

401 Unauthorized
{
  "message": "Unauthenticated."
}

The key is valid, but there is no active Any to Basket subscription or the key has no Any to Basket access.

403 Forbidden
{
  "message": "No running Any to Basket subscription for this website."
}

Too many requests. The management API allows 60 requests per minute per token; retry after a short pause.

429 Too Many Requests
{
  "message": "Too Many Requests"
}