Every Collection API request requires credentials. There are two credential sets — choose the right one for your context.
Used by external integrations and automated scripts.
| Parameter | Field on Login record | Description |
|---|---|---|
u | strLogin_API_UserId | API username (not the login email) |
k | strLogin_API_KeyId | API key (long random string) |
These are set by a Level 3 administrator in Admin → Users → [User] → API Credentials.
For JavaScript making API calls on behalf of a logged-in user:
| Parameter | Description |
|---|---|
id | User ID (intLogin_Id) |
us | API username |
ky | API key |
These are passed alongside r, g, and f as usual.
| Param | Meaning |
|---|---|
u | API username |
k | API key |
r | Collection reference (strCollection_Ref) — the 15-char alphanumeric ID |
g | View (GX group) ID — selects which named filter to use and acts as an auth gate |
f | Function name (e.g. meta, crosslist, create) |
| Param | When required |
|---|---|
p | Private key — required when the view has one configured |
If authentication fails, the response error field contains a negative code:
| Code | Meaning |
|---|---|
-1 | No username / password passed |
-4 | Username / password combo not found |
-8 | View requires a private key — none provided |
-9 | Private key mismatch |
-10 | API access disabled for this view |
Login table via prepared statement — no SQL injection risk?ref=XXXXXXXXXXXXXXX)f=meta first — the response lists all active views and their IDsPOST https://yourdomain.com/api/apic.php u=myapiuser&k=myapikey&r=7mFzPkZUqYJW3QW&g=101&f=meta
The meta response gives you everything you need: field names, view IDs, action IDs, and usage templates.