Airship API Security
The Airship messaging API supports both Basic and Bearer Token authorization for most endpoints and features. Use this page to determine the type of security you want to use and the levels of access you want to grant.
Messaging
Bearer Authorization uses a token created from within Airship to grant access. Bearer authorization gives you control over the permissions each API users has access to, and the ability to revoke access by deleting tokens. You can create bearer tokens for two different roles:
- Audience Modification: The token grants access to register and modify audiences.
- All Access: The token grants complete access to all endpoints and features that support bearer authorization.
Basic Authorization uses your Airship App Key and App or Master Secret to generate a Base-64 authorization string. The App Secret grants access to most product features, while the Master Secret grants access to the majority of the Airship API.
While basic master authorization grants access to the complete Airship API, you should use this authorization method for server-to-server communications only. You should not give out your Master Secret or use Basic Master authorization with your app. See the Basic Authentication Map for more information about the features you can access with basic app and basic master authorization.
| Service | Bearer — Audience Modification | Bearer — All Access | Basic Master |
|---|---|---|---|
| /push | ❌ | ✅ | ✅ |
| /channels | ✅ | ✅ | ✅ |
| /channels/tags | ✅ | ✅ | ✅ |
| /channels/sms | ✅ | ✅ | ✅ |
| /channels/sms/custom-response | ❌ | ✅ | ❌ |
| /channels/email | ✅ | ✅ | ✅ |
| /create-and-send | ❌ | ✅ | ✅ |
| /named-users | ✅ | ✅ | ✅ |
| /custom-events | ❌ | ✅ | ❌ |
| /segments | ✅ | ✅ | ✅ |
| /lists | ✅ | ✅ | ✅ |
| /location | ✅ | ✅ | ✅ |
| /reports | ✅ | ✅ | ✅ |
| /create-and-send | ❌ | ✅ | ✅ |
| /schedules | ❌ | ❌ | ✅ |
| /experiments | ❌ | ❌ | ✅ |
| /pipelines | ❌ | ❌ | ✅ |
| /templates | ❌ | ❌ | ✅ |
Categories