Authentication

Last updated 3 months ago

Getting An API Key

To obtain a new API key, please contact our onboarding team at hello@imin.co. We will issue you a key as soon as possible.

Using the API Key

Once you have a valid API key, making an authenticated request is again straight-forward. On each request, the following HTTP request header must be added (we will use 6aa0fa074bec4a5cb0e8ed8fd36151ce as an example):

X-API-KEY=6aa0fa074bec4a5cb0e8ed8fd36151ce

Obtaining a New Key

If you believe your key has been compromised, please contact our onboarding team at hello@imin.co and we will issue you a new key as quickly as possible.

Best Practices

Keeping your key safe

Your secret API key can be used to make any API call on behalf of your account. Ensure they are kept out of any version control system that you may be using. You should treat them as you would a password.

Prepare for key rotation

For security reasons, we will periodically rotate keys. Rotating keys means that we will add a new API key for your access. Then, after a period of time, we will deprecate the old API key so that only the new API key works. We will also do this early if our monitoring systems expect that keys are being used by unauthorised parties. We will always give notice before doing this.

If your app has been built by a technical team which is not in-house and full-time, e.g. a software agency, you may prefer to make sure that API keys can be changed without having to hire an agency. If API keys are stored in environment variables, make sure that the technical team have handed over how to update the environment variables to new values.