Solved

Can you use api_key in header instead of querystring?

  • 14 February 2023
  • 2 replies
  • 37 views

Badge +1

When using the REST API you are supposed to authenticate with the api_key parameter in the querystring.

 

A lot of logging systems automatically store querystrings in their access-logs so this is security-wise considered bad practice.

It would be better to also he able to authenticate by putting the api_key in the header.

 

I have tried and it does not look like it is used if i only move the property to the header. Has anyone gotten this to work?

icon

Best answer by Brian Turcotte 14 February 2023, 20:30

View original

2 replies

Userlevel 7
Badge +36

Hi @Trigger and welcome to the Community!

 

This is a great question! In our latest API release, we launched the V3 endpoints that actually do use the header authentication structure:

 

If you’re trying to call a legacy endpoint, then you would still have to authenticate in the query-string. Eventually, the legacy endpoints will be depreciated, so I highly recommend transitioning to the new endpoints when possible. Here’s a helpful guide that we created to help people transition from the legacy → new endpoints:

 

I hope this helps to clarify, and thanks for using the Community!

- Brian 

Badge +1

That is great, thanks Brian. I will switch over to the new API.

Thank you!

Reply