Authentication

All API endpoints have authentication built-in. API requests are not available in free accounts.

You must make all API calls over HTTPS. Calls that you make over plain HTTP will fail. API requests without authentication will also fail.

Where to find API keys

The client_id_key and client_secret_key are found in the settings page which is accessible from the navigation bar if you have a paid account.

Public API requests

Public facing API requests (i.e. called with client-side requests) should have client_id_key set in the request headers.

client_id_key: 'ae3a42a7-8803-4d49-944a-2dfba8111b5a'

Private API requests

Private facing API requests (i.e. called within server-side requests) should have client_id_key and client_secret_key set in the request headers.

You should never expose the client_secret_key in publicly accessible areas such as GitHub, client-side code, and so forth. You can recycle your keys if you feel you have inadvertently exposed the keys at anytime.

client_id_key: 'ae3a42a7-8803-4d49-944a-2dfba8111b5a'
client_secret_key: 'be3b42b7-8803-4d49-944b-2dfbb8111b5b'

Recycling keys

The client_id_key and client_secret_key can be recycled in the settings page which is accessible from the navigation bar if you have a paid account. Make sure you update any code that has reference to the old keys to reflect the new keys.