New API credentials are still required in query string

[asanokhin]

According to new documentation at http://developer.pardot.com/ api_key and user_key should not be passed via URL query string but rather via body or header.
However no new requirements are supported while deprecated query string is still working.

As we understand before query string is deprecated new feature should work.

We tested new api via postman to verify those new requirement vs old (deprecated) ones.
Tested with Postman

1. Authentication passing 3 params with query works (gives api key)
2. Authentication passing 3 params in header doesn’t work (get,st)
3. Authentication passing 3 params in body doesn’t work ( post)
4. Passing in query api and user keys works (returns prospect)
5. Passing in body api and user keys fails with "err_code": 1, "err": "Invalid API key or user key" (post)
6. Passing in header api and user keys fails with "err_code": 1, "err": "Invalid API key or user key" (get, post)

[creuzerm]

Did you get this sorted out over the transition?

It looks like the server was a bit inconsistent in it's treatment of various logins during the transition. It looks like not everybody has been shut down yet for logging in yet if they have been using the old depreciated login. So things may work unchanged in some accounts still and not work in other accounts.

[asanokhin]

I think nothing has changed. We are fine if it is not going to change. But if it is backward incompatible, we need to know when it works differently, timing and transition.

[brichorspr]

I am having the same problem using Postman. Passing in header api and user keys fails with "err_code": 1, "err": "Invalid API key or user key" (get, post). Are there any updates?

[asanokhin]

I am verifying from time to time, but for what it worth, api didn't change. I hope, there will be reliable signal to transition to new api if ever needed.

[adamerstelle]

Using https://reqbin.com I was able to POST to url https://pi.pardot.com/api/login/version/3 the content (FORM URL Encoded) email=MYPARDOTUSER&password=MYPARDOTPWD&user_key=MYPARDOTKEY and get a valid api_key.

Taking the api_key, then I used a GET request (to read a prospect) using the Custom Authorization header Pardot api_key=APIKEYFROMPREVREQ, user_key=MYPARDOTKEY (noting that the actual header in raw form is: Authorization: Pardot api_key=APIKEYFROMPREVREQ, user_key=MYPARDOTKEY and the request was successful.

[Markj89]

Make sure the Auth, is set to "No Auth" and your Params are empty, unless you want the specific name of the campaign.
Like @adamerstelle said before Add Authorization: Pardot api_key=APIKEYFROMPREVREQ, user_key=MYPARDOTKEY into your Headers tab and you'll get your results.

[danielrlambert3]

@Markj89 @adamerstelle

I tried your approach in Postman and am encountering some issues.

When I try Authorization: Pardot api_key=APIKEYWASHERE user_key=USERKEYWASHERE, I get the error "Invalid API key or user key". Although I know both are correct.

When I try Authorization: Pardot api_key=APIKEYWASHERE,user_key=USERKEYWASHERE, I get the error "One or more required parameters are missing".

Any ideas?

[adamerstelle]

Hey @danielrlambert3, take a look at our postman collection at https://sercante.com/labs to see working examples. There are test scripts in the Login request that set correct environment variables and should show you the correct path.

Having said that, if you are doing fresh development I would advise you focus your efforts on getting your auth to work via Salesforce SSO instead of a Pardot Only API user. I wrote a blog post here that might help you out: https://thespotforpardot.com/2020/09/23/pardot-api-and-getting-ready-with-salesforce-sso-users/

[danielrlambert3]

@adamerstelle I can't thank you enough, this is exactly what I was looking for.