This guide will help you setup your API keys on HyperTrack. To use the SDKs and REST API, you will need the keys to authenticate yourself.
The HyperTrack API follows HTTP basic auth to authenticate API calls with a token. Every API call needs to have the
Authorization key sent in the request header with the token, as shown below.
Authorization: token sk_1234567890abcde
If you are using the API helper libraries and/or the SDKs, they need to be configured with the token, as described in their setup instructions. After configuration, they handle the authentication headers internally.
Get your keys
- Sign up with your email and password.
- Verify your account by clicking on the link sent to your email.
- Login into the dashboard, and get your secret and publishable keys on the account page.
The secret key is authorised for all API calls - to create, edit, list, retrieve and delete data. It looks like
The secret key is to be used on the server-side, for backend-to-backend communication. The API helper libraries for backend use the secret key. As the name suggests, you should never share your secret key.
The publishable key is authorised for read-only API calls for specific data entities, and some write methods from the SDKs. With the publishable key, you can retrieve one or more entities with their unique id. It looks like
The publishable key is used by the SDKs in your mobile apps. You can hard-code the publishable key in the app.
[info] Rolling keys
If you think your keys have been compromised, at any point you can request for a new secret or publishable key for your account, by rolling your keys. Note that the previous key will no longer be authorised, and any API calls with the old keys will fail with 401/403 HTTP status code.