API Keys and REST API
DonorPoint provides a REST API for reading and writing entity data programmatically. Access is authenticated via API keys and JWT Bearer tokens.
API Keys
API Keys are long-lived credentials that identify your account for API access and Webhook authentication. They are found on the Integration tab of your Account.
Creating an API Key
- Open your Account in DonorPoint.
- Go to the Integration tab.
- Under API Keys, click Create New API Key.
- Enter a Name (describes the system or integration using this key).
- Save. The key value is displayed once — copy it immediately and store it securely.
API keys do not expire, but can be archived (deactivated) at any time.
What API Keys Are Used For
| Use | How |
|---|---|
| Webhook authentication | Pass as BRAPITOKEN header to obtain a Bearer token |
| Direct REST API calls | Pass as BRAPITOKEN header on each request |
| External system identification | Identifies which system is making a call |
REST API Authentication
All REST API calls require authentication via the BRAPITOKEN header.
Obtaining a Bearer Token (for Webhooks)
For Webhook scripts that need to authenticate with the calling system, or for API clients that prefer token-based auth:
POST https://production.gobigriver.com/api/v2/userauthentication/auth
Header: BRAPITOKEN: {your_api_key}
Response:
{
"token": "eyJ0eXAiOiJKV1QiLCJhbGci...",
"expires": "2026-04-22T05:00:00Z"
}
Use the returned token value as the BRAPITOKEN header on subsequent API calls.
Direct API Authentication
For server-to-server integrations, you can pass your API key directly:
GET https://production.gobigriver.com/api/v2/{entity}/list
Header: BRAPITOKEN: {your_api_key}
REST API Endpoints
The DonorPoint REST API follows RESTful conventions. Entities are accessed at:
https://production.gobigriver.com/api/v2/{entityType}/{id}
Common Entity Types
| Entity | Path Segment |
|---|---|
| Contacts | contact |
| Organizations | organization |
| Campaigns (forms) | campaign |
| Transactions | purchaseOrder |
| Funds | fund |
| Volunteer Records | volunteerInstance |
| Recurring Donations | recurringDonationInstance |
Standard Operations
| Operation | Method | Path |
|---|---|---|
| List entities | GET | /api/v2/{entity}/list |
| Get single entity | GET | /api/v2/{entity}/{id} |
| Create entity | POST | /api/v2/{entity} |
| Update entity | PUT | /api/v2/{entity}/{id} |
| Delete/archive entity | DELETE | /api/v2/{entity}/{id} |
Filtering and Pagination
List endpoints accept query parameters for filtering and pagination:
GET /api/v2/contact/list?account={accountId}&limit=50&offset=0
GET /api/v2/purchaseOrder/list?campaign={campaignId}&status=ACTIVE
Webhook API
Webhooks expose Script Modules as authenticated HTTP endpoints. External systems POST data to the Webhook URL, which executes the script with the POST body available as requestBody.
The Webhook URL is displayed on the Webhook record’s view page.
Authentication for external callers:
- Obtain a Bearer token using the auth endpoint above
- Include
BRAPITOKEN: {token}on every POST to the Webhook URL
In the Webhook script:
// POST body is available as requestBody (a string)
var data = JSON.parse(requestBody);
log.info('Received webhook call with payload: ' + JSON.stringify(data));
// account is available; user is not (no user context in Webhooks)
// Import services as needed:
import "contactService";
See Automation and Integration for the full Webhook setup guide.
Full API Reference
The complete DonorPoint API reference, including all available entity endpoints, query parameters, request/response schemas, and error codes, is available at:
DonorPoint API Reference (Javadoc)
For access to the REST API or questions about specific endpoints, contact help@donorpoint.com.