API Authentication Guide
Learn how to authenticate API requests using your API key and avoid common mistakes.
Overview
All API requests to Begini must be authenticated using an API key.
The API key identifies your integration and ensures that only authorised systems can interact with Begini services.
What is an API key
An API key is a unique credential associated with your Begini integration.
It is used to:
- Authenticate API requests
- Identify your integration
- Control access to Begini services
Each environment (e.g. test and production) has its own API key.
Where to find your API key
Your API key is available in the Begini admin dashboard.
Typically:
- Navigate to the integration settings
- Locate your integration
- Copy the API key
This key should be stored securely and never exposed publicly.
How authentication works
When making an API request to Begini:
- Your system includes the API key in the request
- Begini validates the key
- The request is authorised and processed
If the API key is missing or invalid, the request will be rejected.
Passing the API key
The API key is typically sent in the request headers.
Example:
Authorization: Bearer YOUR_API_KEY
This header must be included in all API requests.
Example request
POST /create-session HTTP/1.1
Host: api.begini.com
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "integration_id": "1234567890",
  "unique_id": "USER-123"
}
This example shows how the API key is included alongside the request payload.
Handling authentication errors
If authentication fails, you may receive an error response such as:
- HTTP 401 (Unauthorized)
- HTTP 403 (Forbidden)
Common causes include:
- Missing API key
- Incorrect API key
- Using the wrong environment key
Best practices
- Store API keys in secure server-side environments
- Never expose API keys in client-side code
- Use environment variables or secure vaults
- Rotate API keys if compromised
- Use separate keys for test and production
Common mistakes to avoid
- Hardcoding API keys in frontend applications
- Sharing API keys across environments
- Committing API keys to source control
- Logging API keys in plaintext
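The best practices and common mistakes above, as a server-side sketch. This is an added example, not Begini's own code. The environment variable name BEGINI_API_KEY, the https:// scheme and the function names are assumptions; the host, path, header and body fields are the ones shown in the example request.

```python
import json
import os
import urllib.request

# Assumptions (not from the Begini docs): the environment variable name and
# the https:// scheme. Host, path and fields come from the example request.
API_KEY_ENV = "BEGINI_API_KEY"
CREATE_SESSION_URL = "https://api.begini.com/create-session"


def load_api_key(env=os.environ):
    """Read the key from the server-side environment; fail closed if absent."""
    key = env.get(API_KEY_ENV, "").strip()
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set")
    return key


def build_create_session_request(api_key, integration_id, unique_id):
    """Build (but do not send) the authenticated POST /create-session request."""
    body = json.dumps({"integration_id": integration_id, "unique_id": unique_id})
    return urllib.request.Request(
        CREATE_SESSION_URL,
        data=body.encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {api_key}",
            "Content-Type": "application/json",
        },
    )


def loggable_headers(request):
    """Return a copy of the request headers that is safe to write to logs."""
    safe = {}
    for name, value in request.header_items():
        is_auth = name.lower() == "authorization"
        safe[name] = "Bearer [REDACTED]" if is_auth else value
    return safe


if __name__ == "__main__":
    # Constructed sample values; in a deployment the key comes from load_api_key().
    req = build_create_session_request("sample-key", "1234567890", "USER-123")
    print(req.get_method(), req.full_url, loggable_headers(req))
```

Keeping a separate value of the variable in each environment gives test and production their own keys without any code change.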
API key vs Integration ID
It is important to distinguish between:
- API key → used for authentication
- Integration ID → used to identify your integration within requests
Both are required, but they serve different purposes.
For more detail, see:
- Integration ID & Unique ID Guide
Next steps
To continue setting up your integration:
- Environments (Sandbox vs Production)
- HMAC Verification Guide
- Security Best Practices