Important NOTE

We translate the procedure for authenticating our API to a username password combination. Up to now, it just needed the API key as a password to successfully use our ITscope API.

To continue to continue to ensure the best possible quality of service of the API, and the specification of the account ID as the user name is henceforth required. Developers of interfaces, such as goods or economies Shops obtained from our support special application account ID which is to be used as a username.

After the transition period until 01 March 2017 exclusively only calls allowed with a valid account ID and API Key.


Individual settings and prices of the user's company are automatically taken into account in API queries.


Authentication methods

There are three authentication methods to use the API

  • Simple browser authentication - for exports, data sheets, image links, fast display in the browser, etc.
  • ITscope Authentication - prefers an active browser session on https: / and should not be used programmatically. This method can be used, for example, as a deeplink
  • Programmatic Authentication via HTTP Basic Authentication - Basic authentication with Username: Password for the use of the ITscope API.
    Here are 2 differences of credentials. Further details can be selected via the corresponding tab below
    • Personal API credentials of the individual customer
    • Specific API credentials for applications and interfaces Operators that provide your application to multiple ITscope customers


Personal ITscope API credentials

In own employee profile login information can be viewed in your ITscope API. These are required for Username: Password HTTP Basic Authentication for the ITscope API.

The following data are required:

  • Account ID - as Username
  • API Key - as a password

Access to the ITscope API is thus only possible.

If you need a new API key, you can generate these with the New API Key button. This will invalidate the old key!

Programmatic Authentication via HTTP Basic Authentication

For programmatic authentication in development code must in the header of the Api user (account ID) and the API password (API Key) encoded as Base64 be specified. This method makes use, for example, a service like and thus encodes the User Name: Password '<accound id>: <API Key>' string. The result of the coding must be in the HTTP header Authorization: Basic are inserted. If the API URL is entered interactively in the browser, authentication is performed using the standard mechanisms of the browser for "Basic Auth".

Example pseudo code for an API request:

Example pseudo code for retrieval via the API ITscope including mandatory HTTP header User-Agent

// api url without credentials, eg
string apiurl = "";
HttpWebRequest request = (HttpWebRequest) WebRequest.Create (apiurl);

// username: password Combination Base64 encoded
String credentials = <account ID> + ":" + <API Key>;
Authorization = Convert.ToBase64String (Encoding.Default.GetBytes (credentials));
// Basic Authorization as http header
Request.Headers ["Authorization"] = "Basic" + authorization;

// useragent in the form <applicationCompany> - <applicationName> - <applicationVersion>
// eg my company-my application-4.0927
Request.UserAgent = "MyFrame-My-Application-4.0927"

Request.Method = "GET"
Request.KeepAlive = true
Request.ContentType = "application/xml"
Request.AllowAutoRedirect = true

Examples of programmatic authentication

Example pseudo code for the use of the generated C # clients directly from the Swagger Framework of ITscope API including mandatory HTTP header User-Agent

Configuration config = new Configuration();

// username: password Combination Base64 encoded
string credentials= ApiClient.Base64Encode("<Account-ID>:<API Key>");

// Basic Authorization as http header
config.AddDefaultHeader("Authorization", "Basic" + credentials );

// useragent in the form <applicationCompany> - <applicationName> - <applicationVersion>
// eg my company-my application-4.0927
config.setUserAgent("My Company My application-4.0927");

// misc
ProductsApi pApi = new ProductsApi(config);


Example pseudo code header for a PHP script:


// username: password Combination Base64 encoded 
// Basic Authorization as http header
header('Authorization: Basic '.base64_encode("<Account ID>:<API Key>"));

// useragent in the form <applicationCompany> - <applicationName> - <applicationVersion>
// eg my company-my application-4.0927
header('User Agent: My Company My application-4.0927');


Example pseudo code header for a PHP script with curl:

// username: password combination not Base64 encoded when the curl option CURLAUTH_BASIC is set,
// then curl executes a Bas64 encoding itself
$UserPWD = "<Account ID>:<API Key>";

$url = "
$pptions = array (CURLOPT_URL => $url,
                 CURLOPT_HEADER => true,
                 CURLOPT_USERAGENT => $UserAgent,
                 CURLOPT_USERPWD => $UserPWD);
$ch = curl_init();
curl_setopt_array($ch, $options);
$Data = curl_exec($ch);

Easy browser authentication

The easiest way to export the like via the browser, wget or in the Windows Task Scheduler (The user must always have the entry in the field Account ID, see above!)

Note This method does not work in Internet Explorer.

An example retrieval in the browser for an export

  Https: // <account id>: <API Key> @ / 2.0 / products / exports / <EXPORT-ID> 

If you do not enter the user name <accoundId> or the password <API key> when retrieving the URL, authentication is performed via the standard mechanism of the browser for "Basic Auth" and you are prompted for the credentials in a separate window.


ITscope authentication

This type of authentication is primarily intended for deeplinks in the platform and requires an active session in ITscope. If there is no such, please refer to the login page. To do this, you set the query parameter 'auth' with the value 'itscope' to the API URL. A call then looks as follows.

Note: This page has been translated with the Google Translation Service.

Have more questions? Submit a request