Authentication
Learn how to authenticate your API requests using API keys.
API Keys
The Pixelbase API uses API keys to authenticate requests. You can view and manage your API keys in the Dashboard under Settings > Organization > API Keys.
Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
Note: You must be an administrator within your organization to manage API keys.
Authenticated Requests
Include the following headers in your API requests:
X-API-Key: Set a valid API key for authentication. If you have admin access within your organization, go to the API Keys page to manage API keys.
X-Organization-ID: The ID associated with the organization that the API key belongs to. The organization ID can be found here.

curl https://pxb.app/api/public/v1/test-api-key \
  -H "X-API-Key: your_api_key_here" \
  -H "X-Organization-ID: your_organization_id_here"

Error Responses
When authentication fails, the API will return one of the following error responses:
The API key is missing or invalid.
{
  "message": "Unauthorized",
  "err": "Invalid API key provided"
}

The API key is valid but doesn't have permission for this resource.
{
  "message": "Forbidden",
  "err": "You do not have permission to access this resource"
}

You have exceeded the rate limit for your tier.
{
  "message": "Too Many Requests",
  "err": "Rate limit exceeded. Please try again later.",
  "retryAfter": 60
}

Security Best Practices
- ✓ Keep your API keys secret. Never expose them in client-side code, public repositories, or logs.
- ✓ Use environment variables. Store API keys in environment variables rather than hardcoding them.
- ✓ Rotate keys regularly. Create new API keys periodically and revoke old ones.
- ✓ Use separate keys for different environments. Have distinct keys for development, staging, and production.
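
The following is an added example, not Pixelbase's own code: a small Python client helper that applies the practices above (keys read from the environment, masked before logging) and interprets the three error bodies listed under Error Responses. The environment variable names, the function names, the sample key and the 60-second fallback wait are assumptions made for illustration.

```python
import json
import os
import urllib.request

TEST_URL = "https://pxb.app/api/public/v1/test-api-key"  # endpoint shown on this page


def load_credentials(env=os.environ):
    """Read the key and organization ID from the environment (names are assumed)."""
    try:
        return env["PIXELBASE_API_KEY"], env["PIXELBASE_ORG_ID"]
    except KeyError as missing:
        raise RuntimeError(f"environment variable {missing} is not set") from None


def redact(secret, keep=4):
    """Mask a key so a log line can identify it without exposing it."""
    if len(secret) <= keep * 2:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]


def build_request(api_key, org_id, url=TEST_URL):
    """Attach the two authentication headers the API requires."""
    return urllib.request.Request(
        url, headers={"X-API-Key": api_key, "X-Organization-ID": org_id})


def classify_error(body):
    """Map an error body to (action, wait_seconds) using its "message" field."""
    data = json.loads(body)
    message = data.get("message")
    if message == "Too Many Requests":
        # Honor the server's hint; 60 is an assumed fallback if it is absent.
        return "retry", int(data.get("retryAfter", 60))
    if message == "Unauthorized":
        return "check_key", 0          # missing or invalid key: do not retry
    if message == "Forbidden":
        return "check_permissions", 0  # valid key, insufficient access
    return "unknown", 0


if __name__ == "__main__":
    # Constructed sample values; in real use call load_credentials() with no argument.
    key, org = load_credentials({"PIXELBASE_API_KEY": "pxb_constructed_key_1234",
                                 "PIXELBASE_ORG_ID": "org_constructed"})
    req = build_request(key, org)
    print("request to", req.full_url, "using key", redact(key))
```

Using a different pair of environment values per deployment gives each environment its own key without any code change, and rotation then only requires updating the environment.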