API Authentication
2 min read
The Footprint API uses API keys to authenticate requests. You can view and manage your API keys in the developer dashboard. Go to the Footprint developer dashboard and generate a new Secret API Key.
| Prefix | Description |
|---|---|
sk_test | Prefix for Test mode API secret keys. No costs are incurred using these keys! |
sk_live | Prefix for Live mode API secret keys |
Treat this key like a sensitive password! Your API keys carry many privileges, so be sure to keep them secure! Do not post your secret keys in publicly accessible places like GitHub or client-side code like web front-ends.
Basic Authentication
Authentication to the API is performed via HTTP Basic Authentication. Provide your API key as the basic auth username value with no password. In curl syntax this would be written as -u <api_key>:. For example:
bash
curl ... -u sk_test_CXUsbCR8j2kH6e5GeEl8eSBnQTIPCUaKpv:
Header Authentication
Alternatively, Footprint supports header-based auth via the X-Footprint-Secret-Key header. For example, to authenticate with header auth using cURL use the following instead of -u <api_key>:
bash
curl ... -H "X-Footprint-Secret-Key: sk_test_CXUsbCR8j2kH6e5GeEl8eSBnQTIPCUaKpv"
All API requests must be made over HTTPS, calls made over plain HTTP will fail.
Check that your key works
You can check that your API key is working as expected:
bash
curl https://api.onefootprint.com/org/api_keys/check -u sk_test_CXUsbCR8j2kH6e5GeEl8eSBnQTIPCUaKpv: