Authentication

All API requests require authentication using your API key in the Authorization header.

Contents

• API Key Authentication
• Getting Your API Key
• Example Requests
• Security Best Practices
• API Key Management
• Common Authentication Errors

API Key Authentication

Authorization: Bearer YOUR_API_KEY

Important Security Notes:

• Keep your API keys secure and never expose them in client-side code
• Use environment variables or secure configuration management
• Never commit keys to version control

Getting Your API Key

1. Sign up at appizer.com
2. Create a new project
3. Navigate to Settings > API Keys
4. Copy your API key

Example Requests

JavaScript

const response = await fetch('https://api.appizer.com/v1/events', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    event_name: 'test_event',
    user_id: 'user_123'
  })
});

Python

import requests

response = requests.post(
    'https://api.appizer.com/v1/events',
    headers={
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    json={
        'event_name': 'test_event',
        'user_id': 'user_123'
    }
)

cURL

curl -X POST https://api.appizer.com/v1/events \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"event_name": "test_event", "user_id": "user_123"}'

Security Best Practices

Keep API Keys Secure

• Never expose API keys in client-side code
• Store keys in environment variables
• Use secure configuration management
• Never commit keys to version control

Environment Variables

Node.js (.env file):

APPIZER_API_KEY=your_api_key_here

require('dotenv').config();
const apiKey = process.env.APPIZER_API_KEY;

Python (.env file):

APPIZER_API_KEY=your_api_key_here

import os
from dotenv import load_dotenv

load_dotenv()
api_key = os.getenv('APPIZER_API_KEY')

Rotate Keys Regularly

1. Generate a new API key in your dashboard
2. Update your applications with the new key
3. Test that the new key works
4. Revoke the old key

Use Different Keys for Different Environments

• Development: Use a separate API key for testing
• Staging: Use a different key for staging environment
• Production: Use a dedicated production key

API Key Scopes

API keys have different permission levels:

• Read: View data (events, users, analytics)
• Write: Create and modify data
• Admin: Full access including key management

Error Responses

401 Unauthorized

Invalid or missing API key:

{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}

403 Forbidden

Insufficient permissions:

{
  "error": "Forbidden",
  "message": "API key does not have permission for this operation"
}

Testing Authentication

Test your API key with a simple request:

curl -X GET https://api.appizer.com/v1/auth/test \
  -H "Authorization: Bearer YOUR_API_KEY"

Success Response:

{
  "authenticated": true,
  "app_id": "app_123",
  "permissions": ["read", "write"]
}

MCP Authentication

For Model Context Protocol (MCP) integrations, use a separate MCP API key:

X-MCP-API-Key: YOUR_MCP_API_KEY

See MCP Authentication for details.

Rate Limiting

Authenticated requests are subject to rate limits based on your plan:

• Free: 1,000 requests per hour
• Pro: 10,000 requests per hour
• Enterprise: Custom limits

See Rate Limits for details.

Support

If you're having authentication issues:

1. Verify your API key is correct
2. Check that the Authorization header is properly formatted
3. Ensure your key hasn't been revoked
4. Contact support@appizer.com for assistance