Skip to content

Authentication

The Keelvar API uses API keys to authenticate requests. For instructions on how to generate an API Key, set an expiration, and revoke an API Key, read our article on Key Management.

An API Key must be included in the Authorization header for each request you make to any of Keelvar's API endpoints, using the Bearer authentication scheme. The header should have the following format, where <API Key> should be replaced with your API Key token:

Authorization: Bearer <API key>

Warning

Your API Keys carry many privileges that give access to your Keelvar organization data, so be sure to keep them secure and log what each API Key is used for, and by whom. Do not share your secret API Keys with others outside of your organization, or in publicly accessible areas such as GitHub, client-side code, etc.

Errors

All API requests must be made over HTTPS and calls made over plain HTTP will fail.

API requests without authentication will also fail:

  • Requests made to the Keelvar API with an invalid API Key will receive an empty HTTP 403 response.
  • Requests which do not include an API Key will receive a HTTP 401 response.

Full details of errors can be found in the errors page.