P21 API via "Consumer Key" rather than "Username" & "Password"

Hey team, we currently make use of the P21 API by calling the:
/api/security/token/

endpoint with username and password to collect the API token which is then passed in the header “Authorization: Bearer {token}” to make further API calls to e.g. api/entity/vendors/. This works great / as expected.

A client is asking us to use a “Consumer Key” for API authentication rather than the usename/password strategy. I am not clear on where to place this “Consumer Key”. Is there a dedicated header or format? Any tips appreciated, thanks.

It sounds like they want to get rid of the bearer token, and just use the key generated in API Key Maintenance. I don’t think it’s possible to completely ditch the bearer token right now though, unless someone knows different. Something to do with retaining support for v1.

To be fair we are early-ish on in implementation and I’ve just skimmed the documentation and dipped my toes into the API usage for some custom in house mobile applications, so it’s entirely possible I’m mistaken.

Thanks Chris; the client is telling us that for previous API use cases they have only supplied the “Consumer Key” for API access. I have been trying to gain access to the API/SDK documentation to see how we would use the “Consumer Key” - however to gain access to the documentation I need a username & password … which they are reluctant to provide.