Authentication¶
Learn how to authenticate with the Voucher API using API keys and understand security best practices.
Overview
The Voucher API uses API key-based authentication for all requests. Your API key identifies your account and determines which operations you can perform. This guide covers everything you need to know about API key management, security best practices, and proper authentication implementation for both development and production environments.
API Keys
API keys are used to authenticate your requests and identify your account. Keep them secure and never expose them in client-side code.
Getting Your API Key¶
Follow these steps to generate API key:
- Create a Voucher API account at dashboard.voucher.com.
- Navigate to the API Keys section in your dashboard:
- Click the Generate API Key
-
Choose Environment: Select the appropriate environment for your API key:
Environment Description Use Case Production Live API with real data Production applications Sandbox Test environment Development and testing Environment Separation
Production and sandbox environments are completely separate. Data and vouchers created in sandbox won't appear in production.
Using API Keys¶
Follow these steps to use the API keys:
Request Headers¶
Include your API key in the Authorization header of all requests:
API Key Format¶
API keys follow this format:
Key Prefixes
sk_live_- Production API keyssk_test_- Sandbox API keys
Security Best Practices¶
🔒 Keep Keys Secure¶
Never Expose API Keys
- ❌ Don't commit API keys to version control
- ❌ Don't include keys in client-side code
- ❌ Don't share keys in public repositories
- ❌ Don't log keys in application logs
Secure Storage
- ✅ Store keys in environment variables
- ✅ Use secure key management services
- ✅ Rotate keys regularly
- ✅ Use different keys for different environments
Environment Variables¶
Store your API keys securely using environment variables:
Key Rotation¶
Regularly rotate your API keys for enhanced security:
- Generate new key in your dashboard
- Update your application with the new key
- Test thoroughly in sandbox environment
- Deploy to production with new key
- Revoke old key after successful deployment
Zero Downtime Rotation
Generate and test new keys before revoking old ones to ensure zero downtime during rotation.
Error Handling¶
Authentication Errors¶
Handle authentication errors gracefully:
try {
const response = await fetch('https://api.voucher.com/v1/vouchers', {
headers: {
'Authorization': 'Bearer sk_live_...'
}
});
if (response.status === 401) {
throw new Error('Invalid API key');
}
const data = await response.json();
} catch (error) {
console.error('Authentication failed:', error.message);
}
Common Authentication Errors¶
| Error Code | Description | Solution |
|---|---|---|
401 Unauthorized | Invalid or missing API key | Check API key format and validity |
403 Forbidden | Insufficient permissions | Verify key has required permissions |
429 Too Many Requests | Rate limit exceeded | Implement exponential backoff |
Testing Authentication¶
Verify Your API Key¶
Test your API key with a simple request:
Next Steps¶
- Core Concepts - Understand fundamental API concepts
- Quick Start Guide - Create your first voucher
- API Reference - Complete endpoint documentation
- Error Handling - Handle API errors properly
Need Help?¶
Authentication Support
- 🔑 API Key Management - Manage your keys
- 📚 Security Documentation - Security best practices
- 💬 Community Forum - Get help from other developers
- 📧 Support Team - Contact security team