Skip to main content

Security

API Key based authentication

  • Monetization API endpoints are secured with an API Key
  • To get started you will first need an API Key
  • An API Key must be provided on each HTTPS request via X-InBrain-Api-Key header
info

To get your API Key, head over to Account Setup and setup your account.

Additional Security Notes

  • Monetization API survey entry links and client redirect links are signed with a SHA256 hash key
  • Each partner has a dedicated unique Secret key that can be provided by an inBrain Account Representative
  • Secret key is used by both partner and inBrain to generate and/or verify the hash signature on the links

HMAC based authentication on S2S callbacks

  • Monetization API uses the same S2S callback mechanism that is used across the entire inBrain product suite
  • Your Secret key as mentioned in the previous section is used by inBrain to sign the S2S callback request
  • See full S2S callbacks documentation for more details