Authentication

In order to use HyperTrack, you will need authenticate using keys. You can get your keys by visiting the Account section of your Dashboard. If you don't already have an account, sign up here.

Introduction to keys

The HyperTrack API follows HTTP basic auth to authenticate API calls with a token. Every API call needs to have the Authorization key sent in the request header with the token. If you are using the API helper libraries and/or the SDKs, they need to be configured with the token, as described in their setup instructions. After configuration, they handle the authentication headers internally.

API Header Auth

Secret key

The secret key is authorized for all API calls - to create, edit, list, retrieve and delete data. It looks like sk_1234567890abcde.

The secret key is used on the server-side, for backend-to-backend communication. The API helper libraries for backend use the secret key. As the name suggests, you should never share your secret key., which includes putting it into any public code source.

Publishable key

The publishable key is authorized for read-only API calls for specific data entities, and some write methods from the SDKs. With the publishable key, you can retrieve one or more entities with their unique id. It looks like pk_1234567890abcde.

The publishable key is used by the SDKs in your mobile apps. You can hard-code the publishable key in the app.

Test environment

There are two types of environments for your HyperTrack account:

  • Production environment: Unlimited users, unlimited actions, actions billed monthly (see pricing)
  • Test environment: 20 users/day, unlimited actions, actions free to use

For each of these two environments, we provide you with two different sets of keys with different nomenclature:

  • Test Account Secret Key: sk_test_123456
  • Test Account Publishable Key: pk_test_123456
  • Production Account Secret Key: sk_123456
  • Production Account Publishable Key: pk_123456

[info] Rolling keys

If at any point, you think your keys have been compromised, send us a request for a new secret or publishable key for your account. We will roll your keys. Note that the previous keys will no longer be authorized, and any API calls with the old keys will fail with 401/403 HTTP status code.

Was this helpful? Yes, thanks! Not really

results matching ""

    No results matching ""