Authenticating API Requests

Authenticating your API requests is done by sending a HTTP Header called: X-API-KEY, with the value being your API Key which you got by following the Get your API Key instructions.

Here are some relevant snippits of sample code showing this to give you the idea.

Example code snippits

Authentication example using Python & the Requests Module

import requests headers = { 'X-API-KEY': config.api_key, } result =, data=json.dumps(post_data), headers=headers)

Authentication example using PHP & the cURL Module

$headers = [ 'X-API-KEY: '.$api_key, ]; curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

As per the HTTP RFC 2616, header field names are not case sensitive, so it doesn't matter if you send the header as X-API-KEY or x-api-key.

For examples in more programming languages, please look at our Sample Code.

Authentication Issues and Errors

Missing API Key

If you don't send the your API Key in the X-API-KEY HTTP header, you will receive a response like:

{ "result": { "code": "error", "message": "No X-API-KEY header was provided in the request", "message_code": "missing_api_authentication" } }

This will happen if you haven't sent the authentication header correctly. Check out the section on Debugging Authentication.

Invalid API Key

If you send an incorrect X-API-KEY, you will receive a response like:

{ "result": { "code": "error", "message": "user key QWERTYIOPSDFJLKJ is invalid", "message_code": "api_authentication_invalid" } }

Note that the API Key that you sent through is included in the result message; so that you can confirm that you are sending the key that you intend to.

This error can occur if you generate a new API key but don't update your code to send the new API key through, or if you have incorrectly copy and pasted the key.

If you're stuck, check out the section on Debugging Authentication.