Most of our APIs require authentication for which we recommend using Service Accounts to authenticate. However, most of our Ingestion API calls such as Import Events, Track Events, User Profiles, and Group Profiles only require a Project Token. Because these APIs are often called from our client-side SDKs, we do not want to expose credentials, but we do need to know which project to send data to so we use the Project Token for that purpose.
HTTPS Only
Our APIs will reject calls made over HTTP to protect request and response information.