Secure API access: Authentication guidelines and best practices
To ensure secure interactions with our public API, each request must be authenticated using your unique secret API key.
Obtaining your secret API key
- Log in to your Connecteam profile
- Go to Settings
- Select API keys
- Click on Add API key to generate a new key
Important security notice: Keep your API key confidential
- Do not share publicly: Your API key is equivalent to a password. It should never be shared publicly or exposed in unsecured locations.
- Client-side caution: Avoid storing the API key on the client side of your application. This practice can lead to security vulnerabilities.
Authenticating your API requests
To authenticate an API request, include your secret API key using bearer authentication in the request header. Here's a sample cURL command to demonstrate the process:
curl --request GET \
--url 'https://app.connecteam.com/external-api/me' \
--header 'Accept: application/json' \
--header 'X-API-KEY: <API_KEY>'
Replace <API_KEY> with your actual API key. This header ensures that your request is processed securely and efficiently.
By following these guidelines, you can confidently and securely interact with our API, ensuring both data integrity and security.