Can you use api_key in header instead of querystring?

  • 14 February 2023
  • 2 replies

Badge +1

When using the REST API you are supposed to authenticate with the api_key parameter in the querystring.


A lot of logging systems automatically store querystrings in their access-logs so this is security-wise considered bad practice.

It would be better to also he able to authenticate by putting the api_key in the header.


I have tried and it does not look like it is used if i only move the property to the header. Has anyone gotten this to work?


Best answer by Brian Turcotte 14 February 2023, 20:30

View original

2 replies

Userlevel 7
Badge +36

Hi @Trigger and welcome to the Community!


This is a great question! In our latest API release, we launched the V3 endpoints that actually do use the header authentication structure:


If you’re trying to call a legacy endpoint, then you would still have to authenticate in the query-string. Eventually, the legacy endpoints will be depreciated, so I highly recommend transitioning to the new endpoints when possible. Here’s a helpful guide that we created to help people transition from the legacy → new endpoints:


I hope this helps to clarify, and thanks for using the Community!

- Brian 

Badge +1

That is great, thanks Brian. I will switch over to the new API.

Thank you!