Skip to content

Authentication

Application API keys

The Afi API uses API keys to authenticate requests. You can view and manage your API keys at the Apps tab in the Afi Backup panel. Each Application can have up to two API keys for the seamless key rotation.

Warning

Your API keys carry many privileges and allow access to all the organizations and tenants that have installed your Application. Therefore, make sure to keep them secure!

Do not share or store your secret API keys in publicly accessible areas such as GitHub, client-side code, WhatsApp, email, and so forth.

Using Authorization header

Authentication is performed via HTTP Authorization header with a value set to the API key. Example of an authenticated request:

curl https://papi.afi.ai/api/v1/tenants/01F000000000000411Z1101G1Y \
   -H 'Authorization: appkey-93f742c166126bbc'

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail with 401 status code.