API Keys

API keys allow your backend services to authenticate with Optare without user credentials.

Creating API Keys

Generate an API key from your dashboard.

1. Navigate to Settings → API Keys
2. Click "Create API Key"
3. Set permissions and expiration
4. Copy the key (shown only once)

Using API Keys

Include the API key in your requests.

const response = await fetch('https://api.optare.com/v1/users', {
  headers: {
    'Authorization': 'Bearer your-api-key',
    'Content-Type': 'application/json'
  }
})

Key Permissions

API keys can have different permission scopes:

• users:read - Read user data
• users:write - Create and update users
• orgs:read - Read organization data
• orgs:write - Manage organizations
• admin - Full access

Security Best Practices

Store Securely Never commit API keys to version control. Use environment variables.

OPTARE_API_KEY=your-api-key

Rotate Regularly Rotate keys every 90 days or when compromised.

Use Minimal Permissions Grant only the permissions needed for each key.

Set Expiration Configure automatic expiration for temporary keys.

Revoking Keys

Revoke compromised or unused keys immediately:

1. Go to Settings → API Keys
2. Find the key
3. Click "Revoke"

Revoked keys stop working immediately.

Rate Limits

API keys are subject to rate limits:

• 1000 requests per minute
• 50,000 requests per day

Contact support for higher limits.

Next Steps

• Authentication API - API endpoints
• Webhooks - Event notifications
• Security - Security guidelines