Two kinds of credentials
Business secret key (tyms_sk_...)
Used for every v1/adam route except Register business.
- Issued per business from the Adam app (Settings → Business settings → API).
- Grants access only to that business’s data.
- Public key (
tyms_pk_...) is not used as the Bearer-style secret for these REST calls; integrations use the secret key.
Partner API key (adam_partner_sk_... or equivalent)
Used only for POST /register-business (full URL under Base URL).
- Issued when Adam onboards you as a referral business partner (distributor).
- Creates a new business and optionally returns that business’s Developer API keys when
grant_accessisadmin. - After registration, stop using the partner key for that customer’s day-to-day API calls — use the returned
tyms_sk_...instead.
Partner program onboarding (admin registration, contract terms, commission or prepaid structures) is handled outside this reference. If you are integrating as a partner, complete Adam’s partner onboarding first so you receive partner credentials. Technical detail for
POST /register-business is in the API reference.Accepted header names
Send the key in any one of these headers (same value):X-API-Keyapi-keysk
Developer API subscription
On protected routes, the business must meet Adam’s Developer API subscription rules. If not, the API responds with 403 Forbidden and an explanatorymessage.
Validate a business key
To confirm a key and load business metadata, callGET /auth/validate. Request/response fields are documented on Validate business.
Security practices
- Store
tyms_sk_...and partner secrets in a secret manager or environment variables — never in client-side code or public repos. - Rotate keys from the Adam app if a secret is exposed.
- Prefer TLS only (
https://api.useadam.io).
Related reference
- OAuth 2.0 — third-party integration apps connecting Tyms users
- API overview — errors, rate limits, UUID rules
- Register business — partner-only registration payload and response