To obtain a new API key, please contact our onboarding team at
email@example.com. We will issue you a key as soon as possible.
Once you have a valid API key, making an authenticated request is again straight-forward. On each request, the following HTTP request header must be added (we will use
6aa0fa074bec4a5cb0e8ed8fd36151ce as an example):
If you believe your key has been compromised, please contact our onboarding team at
firstname.lastname@example.org and we will issue you a new key as quickly as possible.
Your secret API key can be used to make any API call on behalf of your account. Ensure they are kept out of any version control system that you may be using. You should treat them as you would a password.
If you are using a header extension in your browser, we recommend turning off the header when you are not using the API to avoid revealing it when you visit other websites on that browser.
For security reasons, we will periodically rotate keys. Rotating keys means that we will add a new API key for your access. Then, after a period of time, we will deprecate the old API key so that only the new API key works. We will also do this early if our monitoring systems expect that keys are being used by unauthorised parties. We will always give notice before doing this.
If your app has been built by a technical team which is not in-house and full-time, e.g. a software agency, you may prefer to make sure that API keys can be changed without having to hire an agency. If API keys are stored in environment variables, make sure that the technical team have handed over how to update the environment variables to new values.