Bamboo Proptech
Integrations

Bamboo API

How to authenticate against the Bamboo API using your API token and secret.

Overview

If Bamboo has set up API access for your organisation, you will be given:

  • An API token
  • An API secret
  • The base URL for the environment you should call

You use the token and secret once to request a bearer token, then send that bearer token on subsequent API requests.

The examples on this page use placeholder values. Never share real API tokens, secrets, or bearer tokens in email, chat, or public documentation.

Authentication flow

1. Request a bearer token

Send a POST request to /auth/token using:

  • Basic auth username: your API token
  • Basic auth password: your API secret
  • Header: x-application: api
curl --request POST "$BAMBOO_API_URL/auth/token" \
  --header "x-application: api" \
  --user "$BAMBOO_API_TOKEN:$BAMBOO_API_SECRET"

2. Store the response token

The /auth/token endpoint returns the bearer token as a plain string response.

BEARER_TOKEN=$(curl --silent --request POST "$BAMBOO_API_URL/auth/token" \
  --header "x-application: api" \
  --user "$BAMBOO_API_TOKEN:$BAMBOO_API_SECRET")

3. Use the bearer token on API requests

Use the bearer token in the Authorization header when calling protected endpoints:

curl --request GET "$BAMBOO_API_URL/seller/me" \
  --header "Authorization: Bearer $BEARER_TOKEN" \
  --header "x-application: api"

Quickstart example

This example shows the full flow in one shell session:

export BAMBOO_API_URL="https://your-bamboo-api.example.com"
export BAMBOO_API_TOKEN="your_api_token"
export BAMBOO_API_SECRET="your_api_secret"

BEARER_TOKEN=$(curl --silent --request POST "$BAMBOO_API_URL/auth/token" \
  --header "x-application: api" \
  --user "$BAMBOO_API_TOKEN:$BAMBOO_API_SECRET")

curl --request GET "$BAMBOO_API_URL/seller/me" \
  --header "Authorization: Bearer $BEARER_TOKEN" \
  --header "x-application: api"

Headers used by the Bamboo API

HeaderRequiredPurpose
Authorization: Basic ...When requesting /auth/tokenSends your API token and secret to exchange for a bearer token.
Authorization: Bearer ...On authenticated requestsAuthenticates each API request after the token exchange.
x-application: apiRecommended on all API requestsIdentifies the request as an external API integration.

Common errors

Good practice

  • Store credentials in environment variables or a secrets manager.
  • Do not hardcode real tokens or secrets into source control.
  • Regenerate or rotate credentials if you believe they have been exposed.
  • Keep integration examples in placeholder form when sharing internally or externally.

Need help?

If you need API access set up for your organisation, or need to confirm which endpoints are available to your integration, contact your Bamboo representative or email hello@bambooproptech.com.

Overview

Bamboo integrates with the UK's leading CRMs to keep your auction data connected and up to date.

Alto

How to create a listing via Alto in your Bamboo Proptech dashboard.

On this page

OverviewAuthentication flow1. Request a bearer token2. Store the response token3. Use the bearer token on API requestsQuickstart exampleHeaders used by the Bamboo APICommon errorsGood practiceNeed help?