The Opkit API uses API keys to authenticate requests. Currently, there is no way to create and manage API keys in a self-serve manner. If you need to create or delete an API key, please contact Opkit support.

Your API keys control carry many privilges and control access to sensitive data. You are responsible for keeping them secure. Never post your API keys in publicly accessible areas such as GitHub, client-side code, etc.

Authentication to the API is performed using the HTTP Bearer Token scheme. Simply include the Authorization header with your request and set the value to Bearer <YOUR_API_KEY>.

You must make all API calls over HTTPS. Calls that you make over plain HTTP will fail. API requests without authentication will also fail.