API endpoints
https://sticky.tohttps://instantdebit.co.uk
Authentication
Go to https://dashboard.sticky.to/my/account/more to find your public key (read only / used by consumers) and private key (danger - do not embed in public facing scenarios!).
Use these keys to authenticate against our API, which is fully RESTful API and sends/receives JSON exactly as you’d expect.
There is no sandbox environment under a different URL. Send us a message if you want another dashboard with different keys.
Authentication is via Bearer tokens.
Routes with dynamic authentication
Some routes accept both public and private keys. One example is GET /v1/products. A public key returns basic data like name and images - enough to let a consumer choose a product. A private key returns all of the data you can see in the dashboard.
Prepend the key with public: or private: for these routes.
Routes without dynamic authentication
Other routes accept just public or private keys. One example is POST /v1/products which can only be called with a private key.
Don’t prepend the key with private:.
In the examples below, add the correct domain before /v1 or /v2, for example https://sticky.to/v2 or https://instantdebit.co.uk/v2.
Example: public key
curl --request GET \
--url /v1/users/me \
--header 'Authorization: Bearer public:public-b3c64fdc-b37f-44fc-83e4-53206e7adb8c'Notice that the response is limited:
{
"name": "My dashboard",
"currency": "GBP"
}Example: private key
curl --request GET \
--url /v1/users/me \
--header 'Authorization: Bearer private:private-371eff35-9bff-461e-b97b-d9405176e257'Notice that the response is expansive:
{
"name": "My dashboard",
"currency": "GBP",
"email": "me@my-dashboard.com"
}Terminology
thingIdmeans the ID of a sticky (contactless sticker)applicationIdmeans the ID of a flow (solution a contactless sticker is connected to)federatedUserIdmeans the ID of a team member