An API key is the credential an account authenticates with. A key belongs to exactly one account and only ever sees that account’s resources.
Fields
| Field | Type | Notes |
|---|---|---|
| id | string | key_-prefixed. The public part of the credential. |
| secret | string | The full key_id:secret credential. Returned once, at mint time. |
The platform stores only a hash of the secret. After the response that mints a
key, the secret is unrecoverable — if it’s lost, the key must be replaced.
How keys are minted
Keys are not created through a standalone endpoint. Your master account’s key is
provisioned by TAGBASE when you’re onboarded — see
Obtaining a key. Every key after that is minted
automatically when you create an account, and returned as an
included api_keys resource on that response:
{
  "type": "api_keys",
  "id": "key_abcdef0123456789",
  "attributes": { "secret": "key_abcdef0123456789:superstrongrandomsecret" }
}
Presenting a key
Send the full secret string as a bearer token on every request. See
Authentication for details and error shapes.
Authorization: Bearer key_abcdef0123456789:superstrongrandomsecret
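The following is an added client-side example, not TAGBASE code. It covers both minting and presenting a key: it captures the secret from an account-creation response, checks it against the documented key_id:secret shape, builds the bearer header, and redacts the secret for logs. The "data"/"included" envelope, the account fields, and the helper names `extract_minted_key`, `auth_header` and `redact` are assumptions; only the api_keys resource shape comes from this page.

```python
import json

# Constructed sample of an account-creation response. The "data"/"included"
# envelope and the account fields are assumptions; only the api_keys
# resource shape comes from the page.
SAMPLE_RESPONSE = json.dumps({
    "data": {"type": "accounts", "id": "acct_example"},
    "included": [{
        "type": "api_keys",
        "id": "key_abcdef0123456789",
        "attributes": {"secret": "key_abcdef0123456789:superstrongrandomsecret"},
    }],
})


def extract_minted_key(body: str) -> dict:
    """Return {'id', 'secret'} for the single api_keys resource in a response."""
    doc = json.loads(body)
    keys = [r for r in doc.get("included", []) if r.get("type") == "api_keys"]
    if len(keys) != 1:
        raise ValueError(f"expected exactly one api_keys resource, got {len(keys)}")
    key_id = keys[0].get("id", "")
    secret = keys[0].get("attributes", {}).get("secret", "")
    # The secret is the full key_id:secret credential, so it must start with
    # the key_-prefixed id followed by a colon and a non-empty remainder.
    if not key_id.startswith("key_"):
        raise ValueError("key id is not key_-prefixed")
    prefix, sep, rest = secret.partition(":")
    if prefix != key_id or not sep or not rest:
        raise ValueError("secret is not of the form key_id:secret")
    return {"id": key_id, "secret": secret}


def auth_header(secret: str) -> dict:
    """Build the bearer header from the full secret string."""
    return {"Authorization": f"Bearer {secret}"}


def redact(text: str, secret: str) -> str:
    """Replace the secret part with a marker, keeping the public id for logs."""
    key_id, _, _ = secret.partition(":")
    return text.replace(secret, f"{key_id}:[REDACTED]")


if __name__ == "__main__":
    key = extract_minted_key(SAMPLE_RESPONSE)
    # Persist key["secret"] to a secret store here; it is not returned again.
    print(redact(str(auth_header(key["secret"])), key["secret"]))
```

Because the secret is returned only once, write it to a secret store before doing anything else with the response, and pass log lines through the redaction step so only the public id is recorded.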
Lifecycle
- An account can hold more than one active key, which is what lets you rotate without downtime.
- A revoked key stops working immediately; requests that present it fail authentication with 401.
Self-service endpoints to create, list, or revoke a key on an existing account are not part of the public API yet. Today a key is minted with its account; rotation and revocation on an existing account are handled by TAGBASE.