Get started

Authentication

Go to dashboard.sticky.to/developer/keys to find your public key (read only / used by consumers) and private key (keep this secret).

Use these keys to authenticate against our API, which is RESTful and sends/receives JSON.

There is no sandbox API endpoint. Contact us if you want another production dashboard with different keys to use as a playground.

Authentication is via Bearer tokens.

Routes with dynamic authentication

Some routes accept both public and private keys. One example is GET /v1/products. A public key returns basic data like name and images - enough to let a consumer choose a product. A private key returns all of the data you can see in the dashboard.

Prepend the key with public: or private: for these routes.

Routes without dynamic authentication

Other routes accept just public or private keys. One example is POST /v1/products which can only be called with a private key.

Don’t prepend the key with private:.

Example: public key

curl --request GET \
  --url https://sticky.to/v1/users/me \
  --header 'Authorization: Bearer public:public-b3c64fdc-b37f-44fc-83e4-53206e7adb8c'

Notice that the response is limited:

{
  "name": "My dashboard",
  "currency": "GBP"
}

Example: private key

curl --request GET \
  --url https://sticky.to/v1/users/me \
  --header 'Authorization: Bearer private:private-371eff35-9bff-461e-b97b-d9405176e257'

Notice that the response is expansive:

{
  "name": "My dashboard",
  "currency": "GBP",
  "email": "me@my-dashboard.com"
}

Terminology

  • thingId means the ID of a sticky (contactless sticker)
  • applicationId means the ID of a flow (solution a contactless sticker is connected to)
  • federatedUserId means the ID of a team member
Embed payments