API Keys
All API requests require authentication using an API key passed in the x-api-key header.
Getting Your API Key
- Visit developers.webacy.co to sign up
- Generate your API key
- Copy and securely store your key
Keep your API key secure. Do not expose it in client-side code or public repositories.
Using Your API Key
Include your API key in the x-api-key header with every request:
Example Requests
Authentication Errors
Example Error Response
Best Practices
Store your API key in environment variables, not in your code.
- Rotate keys periodically - Generate new keys and deprecate old ones on a regular schedule
- Use separate keys - Maintain different keys for development, staging, and production
- Monitor usage - Check the API Usage endpoint regularly
- Revoke compromised keys - If a key is exposed, revoke it immediately in your dashboard
- Server-side only - Never expose your API key in client-side code or mobile apps