Getting Started

Here are the steps you need to follow to authorize your requests to the API:

  1. Get an API key. This should be provided by your organization administrator.
  2. Make a POST request to the /api/authenticate endpoint including your api key in the body as shown in the example.
  3. If the request is successful, it should return a JSON response containing {"session_token": YOUR_SESSION_TOKEN}
  4. For subsequent requests, include an Authorization header that only contains the word bearer and your token, like: Bearer YOUR_SESSION_TOKEN
  5. That should allow you to hit any of the available endpoints as shown in the final example to the right.


As a preventive measure, if you're building a client to consume the GDX API, avoid modifying your TLS-initiating application to only trust Starfield C2 as it will no longer be included in certificates generated by ACM, which we use. For more information about this, read this article

Example body for POST /api/authenticate:

{
  "api_key": "YOUR_128-CHARACTER_LONG_API_KEY"
}

Example response:

{
  "session_token": "JWT-like token"
}

Subsequent request example:

$ curl \

  -X GET https://production-api.garmatsprayboothcustomers.com/booths \

  -H "Authorization: Bearer JWT-like-token" \