This page explains how to authenticate requests to the Blueshift API using API keys.
The Blueshift API uses HTTP Basic Authentication. Most endpoints require a valid API key in every request. Requests without a key — or with the wrong key for the endpoint — return 401 Unauthorized.
API keys
Blueshift provides two API keys, each scoped to different endpoints:
| Key | Use it for | Who can generate it |
|---|---|---|
Event API key (EVENT_API_KEY) | Sending events and supported live-content endpoints | Any user role |
User API key (USER_API_KEY) | Customer profiles, catalogs, campaigns, reports, and other read/write endpoints | Admin users only |
Quick rule: Use the Event API key for event ingestion and supported live-content endpoints. Use the User API key for everything else.
To generate a key, sign in to the Blueshift app, go to Account Settings, and open the API keys tab.
Treat API keys like passwordsDon't commit them to source control, embed them in client-side code, or share them outside trusted systems. Rotate keys periodically and revoke compromised keys immediately.
Event API key
Use the Event API key for endpoints that send events or for supported live-content endpoints. The key is visible to any user role.
User API key
Use the User API key for all other endpoints — customer profiles, catalogs, campaigns, reports, and similar. The key is visible only to admin users.
Base URL
Set the base URL based on your Blueshift region. The base URL must match the region your account is provisioned in, or requests will fail. For the list of regions, see Blueshift global regions.
| Region | Base URL |
|---|---|
| US & Rest of the world | https://api.getblueshift.com |
| EU | https://api.eu.getblueshift.com |
Authenticate a request
Pass your API key as the username in HTTP Basic Auth and leave the password blank. Most HTTP clients handle the Base64 encoding for you.
Using curl
The -u flag handles Basic Auth. The trailing colon after the key represents the empty password:
curl -X POST https://api.getblueshift.com/api/v1/campaigns/execute \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-u <USER_API_KEY>: \
-d '{
"email": "<EMAIL_ADDRESS>",
"campaign_uuid": "<CAMPAIGN_UUID>"
}'Constructing the Authorization header manually
Use this only if your client does not support Basic Auth natively. Base64-encode the string your_api_key: (with the trailing colon) and include it in the Authorization header:
Authorization: Basic <BASE64_ENCODED_VALUE>Generate the encoded value from your terminal:
echo -n "YOUR_API_KEY:" | base64Or use a browser-based encoder such as CyberChef.
Test endpoints in this reference
Each endpoint page in this reference includes a Try It console. To use it:
- Enter your API key as the Username and leave the Password blank. Use the Event API key for event and supported live-content endpoints, and the User API key for everything else.
- Select the Base URL that matches your Blueshift region.
- Fill in the request parameters and click Try It.
For details on API keys and base URLs, see Authorization.
Postman collection
Blueshift maintains a Postman collection containing the full set of API calls. Use it to explore endpoints, build requests, and develop integrations without writing code.
Set up the collection
- Click Run in Postman above to fork the collection into your Postman workspace.
- Open the collection and select an endpoint.
- In the Authorization tab, choose Basic Auth and enter your API key as the Username. Leave the Password blank. See Authorization for which key to use.
- Set the request URL to the base URL for your Blueshift region:
- US & Rest of the world:
https://api.getblueshift.com - EU:
https://api.eu.getblueshift.com
- US & Rest of the world:
- Fill in the request body or query parameters and send the request.
Pro tip: Use environment variablesSave your API key and base URL as Postman environment variables so you can switch between accounts and regions without editing each request.
Need help? For support, see Get in touch.