Introduction

The Wingback API allows developers to easily integrate and interact with the Wingback platform to manage customers, retrieve their current entitlements, and access various features. The API uses standard HTTP methods and follows RESTful design principles to ensure simplicity and ease of use.

To start making API requests, you will need to use one of the base URLs provided below:

​

API Access

Wingback utilizes API tokens to authenticate your access to the API. You can find your API token on your settings page.

Here is an example of an API token: api_key_UVaeszl0xRt2OFAhu5eVbCBjbD111aaa

When making API calls, include the token in a header parameter named wb-key.

curl -X 'GET' \
  'https://api.app.demo.wingback.com/v1/c/customer/Cust_d5040e96-1edf-4fe1-8a9c-d1274c4c073f/address' \
  -H 'accept: application/json' \
  -H 'wb-key: api_key_UVaeszl0xRut2OFAhu5eVbCBjbDyhl0xO'

​

Securing Your Keys

It is crucial to ensure the security of your API keys, as they enable actions to be performed on your account, such as creating charges or executing refunds. To maintain the confidentiality and integrity of your API keys, follow these common best practices for secret management:

• Limit access to your API keys only to those who require it, implementing the principle of least privilege.
• Store your API keys securely, preferably in a dedicated secret management tool, following your organization’s secret handling policies.
• Avoid storing your API keys in version control systems, hard-coded in source code, or in configuration files that can be easily accessed by unauthorized users.
• Utilize environment variables or configuration management tools to provide your backend applications with secure access to your API keys, ensuring that they are only accessed by authorized components.
• Implement strong authentication and access control measures to protect your secret API keys from unauthorized access and ensure proper audit logging.