search

Authentication

hashtag
Authentication

All Extension API endpoints are protected and require authentication.

The Extension API is designed for read-only access by backend applications (server to server).

hashtag
Authentication method

Authentication is performed using an API key.

Each request to the Extension API must include the API key in the HTTP header:

x-api-key: <your-api-key>

hashtag
Obtaining an API key

  • API keys are issued and managed manually

  • Keys are environment-specific (test and production)

  • To obtain an API key, contact the support team

hashtag
Error responses

Common authentication-related responses include:

  • 401 Unauthorized – Missing or invalid API key

  • 403 Forbidden – API key is valid but not authorized for the requested resource

hashtag
Security notes

  • Keep API keys confidential

  • Do not expose API keys publicly

  • Avoid embedding API keys directly in client-side code where possible

  • If a key is compromised, contact support to revoke and regenerate it

PreviousEXTENSION APINextAPI Reference

Last updated