For now, all authentication with the Plum Fuse API is done with HTTP Basic Authentication using a valid account login and a password or API key.

If you do not want to include your password in API requests, you can generate an API key and use this in place of your password from your Account Settings page. You can also reach this page by going to “My Apps”, clicking on the “account” link in the upper right corner of the page, and then going to the “Passwords” tab.

If you generate an API key, you must use it in place of your password in API requests.

We are considering allowing users to set up IP restrictions for requests carrying their API key, and support for HTTP Digest Authentication or HTTPS. Please let us know your thoughts via the Developer API Forum.

With curl, you can set your username and password/API key with the -u option, using a colon to separate the two.

$ curl -u 'username:password_or_api_key' -d 'examplevar=examplevalue'
  http://quickfuseapps.com/api/1/example/method

Whenever an authentication or authorization error occurs, you will receive an error response with the type property set to NotAuth.

• If you do not provide any credentials or your credentials are invalid, you will receive a response with HTTP status code 401 Unauthorized.

{
  "error":"API_v1_Exception",
  "type":"NotAuth",
  "message":"You must authenticate to use the QuickFuse API."
}

• If you do provide valid credentials but they do not allow you to perform the action you have requested, you will receive a response with HTTP status code 403 Forbidden.

{
  "error":"Outbound_Controller_Json_Exception",
  "type":"NotAuth",
  "message":"Not authorized to run this application."
}