Skip to content
TrakkrAPI

Authentication

Authenticate your API requests using API keys. Learn about key types, security best practices, and how to handle authentication errors.

API Keys

The Trakkr API uses API keys to authenticate requests. You can view and manage your API keys from your account settings.

API keys are available on the Scale plan and above. Free and Growth plans do not include API access.

Key Format

API keys sk_live_

Full read/write access to all brands your account can access.

Using Your API Key

Include your API key in the Authorization header as a Bearer token:

Authorization: Bearer sk_live_xxxxxxxxxxxx

All API requests must include a valid API key. Requests without authentication or with an invalid key will return a 401 Unauthorized error.

Keep your API keys secure. Do not share them in publicly accessible areas such as GitHub, client-side code, or public documentation.

Environment Variables

We strongly recommend storing your API key in an environment variable rather than hardcoding it in your application:

Environment Setup
1# Add to your shell profile (~/.bashrc, ~/.zshrc, etc.)
2export TRAKKR_API_KEY="sk_live_xxxxxxxxxxxx"
3
4# Then use in requests
5curl -H "Authorization: Bearer $TRAKKR_API_KEY" \
6  'https://api.trakkr.ai/get-brands'

Security Best Practices

Use environment variables

Never commit API keys to version control. Use .env files and add them to .gitignore.

Rotate keys regularly

Periodically regenerate your API keys, especially if you suspect they may have been compromised.

Use separate keys per environment

Create different API keys for development, staging, and production environments.

Server-side only

Only make API requests from server-side code. Never expose your API key in client-side JavaScript, mobile apps, or browser extensions.

Authentication Errors

If authentication fails, the API returns a 401 Unauthorized status code with details about the error:

StatusError MessageDescription
401Missing API keyNo Authorization header was provided
403Invalid API keyThe API key doesn't exist or has been revoked
See the Errors reference for a complete list of error codes and how to handle them.

Code Example

Authentication
1curl -H 'Authorization: Bearer sk_live_xxxxxxxxxxxx' \
2  'https://api.trakkr.ai/get-brands'
401 Unauthorized
1{
2  "error": "Invalid API key"
3}
Press ? for keyboard shortcuts