Authentication
Transport Security
All requests must be made over HTTPS secured with TLS 1.2+. HTTP connections are not supported.
API Key
Every API call must include a valid API key in the Authorization request header.
You can access your API key from the dashboard in the settings section.
Keep your API key private
Your API key is a private key. Do not distribute it or expose it in client-side code (browsers, apps). Route all production requests through your own backend server where the API key can be securely loaded from an environment variable or key management service.
Request Header
Include your API key in all requests:
http
Authorization: Bearer <API_KEY>Example
bash
curl -X GET "https://api.your-domain.com/api/v1/products" \
-H "Authorization: Bearer your_api_key_here" \
-H "Content-Type: application/json"Best Practices
- Store API keys in environment variables, never in source code
- Rotate keys periodically or if you suspect a breach
- Use different keys for development and production environments
- Monitor API usage in your dashboard for unexpected activity