Authentication

You can obtain and manage your secure API key in the admin pages to make authenticated requests to the WordFields API.

API Key

For authentication, the API key must be included in all API requests to the server within a header formatted like this:

 x-api-key: <YOUR_API_KEY>

Keeping things secure

The WordFields API uses HTTPS to encrypt the data transmitted between your application and the API, this prevents the API key from being intercepted by potential attackers. Using API keys is a standard practice, but there are some considerations and best practices to follow to ensure its security:

  1. Keep API Keys Confidential: Treat API keys like passwords. Do not hard-code them in your application, especially in client-side code. Instead, store them securely in environment variables or a secure secrets management service.

  2. Regenerate and Rotate Keys Regularly: Periodically regenerate your API keys and update your applications to use the new keys. This minimizes the risk if a key is compromised.

  3. Limit API Key Permissions: Provide the least privilege necessary. Ensure that each API key has only the permissions it needs to function.

  4. Revoke Compromised Keys: If you suspect that an API key has been compromised, revoke it immediately on workspace admin page and generate a new one.