Get Tokens
GET /Events/{eventId}/authorize
/Events/{eventId}/authorizeOverview
The BackOps Event API uses a layered token system. You start with an API key and exchange it for scoped tokens that authorize access to specific resources. Most API calls require at least an event token — collaborator and area tokens are needed when accessing endpoints scoped to those resources.
Step 1 — Start with your API key
Your API key is the root credential for all API access. Pass it as a Bearer token on every request:
Authorization: Bearer <your-api-key>
On its own, the API key is sufficient only for the authorize endpoints below. All other calls require one or more context tokens in addition.
Step 2 — Exchange your API key for an event token
To access any event-scoped endpoint, first call the event authorize endpoint with your API key:
GET /Events/{eventId}/authorize
Authorization: Bearer <your-api-key>
The response body contains a token field. This is your event token — include it on all subsequent event-scoped requests:
x-Event-Token: <event-token>
Step 3 — Obtain collaborator or area tokens (when needed)
Some endpoints are scoped to a specific collaborator or area. To access those, exchange your event token for the appropriate scoped token.
Collaborator token:
GET /Collaborators/{collaboratorId}/authorize
Authorization: Bearer <your-api-key>
x-Event-Token: <event-token>
Area token:
GET /Areas/{areaId}/authorize
Authorization: Bearer <your-api-key>
x-Event-Token: <event-token>
Pass the returned tokens as custom headers on calls that require them:
x-Collaborator-Token: <collaborator-token>
x-Area-Token: <area-token>
Token Summary
| Token | Header | How to obtain |
|---|---|---|
| Event token | x-Event-Token | GET /Events/{eventId}/authorize with your API key as Bearer |
| Collaborator token | x-Collaborator-Token | GET /Collaborators/{collaboratorId}/authorize with your API key + event token |
| Area token | x-Area-Token | GET /Areas/{areaId}/authorize with your API key + event token |
When each token is required
| Token | Required for |
|---|---|
| Bearer (API key) | Every request |
| Event token | All endpoints under /Events/{eventId}/... and any sub-resource of an event |
| Collaborator token | Endpoints under /Collaborators/{collaboratorId}/... |
| Area token | Endpoints under /Areas/{areaId}/... |