search

Authentication

Learn how to authenticate with the DotPassport API using API keys.

hashtag
Overview

All API requests require authentication via an API key. The SDK handles authentication automatically once you provide your key during initialization.

hashtag
Getting an API Key

hashtag
Step 1: Create an Account

  1. Visit dotpassport.com/developersarrow-up-right

  2. Sign up for a developer account

  3. Verify your email address

hashtag
Step 2: Generate API Key

  1. Navigate to the API Keys section in your dashboard

  2. Click Generate New Key

  3. Choose your key type (Test or Live)

  4. Copy your API key immediately (it won't be shown again)

triangle-exclamation

Important: Store your API key securely. Never expose it in client-side code or commit it to version control.

hashtag
API Key Types

hashtag
Test Keys (test_*)

  • For development and testing

  • Access to sandbox data only

  • No production data access

  • Unlimited for development

hashtag
Live Keys (live_*)

  • For production use

  • Access to real user data

  • Rate limits apply based on tier

  • Requires verified account

hashtag
Using API Keys

hashtag
Environment Variables (Recommended)

Store your API key in environment variables:

Then use it in your code:

hashtag
Configuration Files

For Node.js applications, use a config file:

hashtag
Framework-Specific Setup

hashtag
Next.js

hashtag
Vite

hashtag
Create React App

hashtag
Security Best Practices

hashtag
DO ✅

  • Store API keys in environment variables

  • Use server-side API calls when possible

  • Rotate keys regularly

  • Use different keys for development and production

  • Restrict API key permissions

  • Monitor API key usage

hashtag
DON'T ❌

  • Commit API keys to version control

  • Expose keys in client-side JavaScript (for sensitive operations)

  • Share keys between environments

  • Use production keys in development

  • Hardcode keys in source code

  • Log API keys

hashtag
Key Permissions

Configure what your API keys can access:

Permission
Description
Recommended For

Read Only

Fetch user data only

Public widgets, display-only apps

Read/Write

Fetch and update data

Admin dashboards, management tools

Full Access

All API operations

Server-side applications

circle-info

Use the principle of least privilege: grant only the permissions your application needs.

hashtag
Rotating API Keys

Regularly rotate your API keys for security:

  1. Generate a new API key

  2. Update your environment variables

  3. Deploy the changes

  4. Verify the new key works

  5. Revoke the old key

hashtag
Troubleshooting

hashtag
Invalid API Key (401)

Problem: Getting "Invalid API key" error

Solutions:

  • Verify the key is correctly copied (no extra spaces)

  • Check the key starts with live_ or test_

  • Ensure the key hasn't been revoked

  • Verify environment variables are loaded

hashtag
Missing API Key

Problem: Getting "Missing API key" error

Solutions:

  • Check environment variable is set

  • Verify the variable name matches your code

  • Restart your development server

  • Check .env file is in the correct location

hashtag
Permission Denied (403)

Problem: API key doesn't have required permissions

Solutions:

  • Check key permissions in dashboard

  • Generate a new key with correct permissions

  • Use a different key for this operation

hashtag
Next Steps

PreviousQuick StartNextOverview

Last updated