Introduction

The Defacto API utilises API keys to authenticate requests.

In particular, authentication to the API is performed via HTTP Bearer Authentication (also called token authentication).

So, to perform an authenticated API call, you must set the Authorization header of your HTTP request to Bearer <YOUR_API_KEY>.

In this page, we guide through getting an Defacto API key and making your first authentication request.

Getting an API Key

The Defacto web application must be used to get an API key (sandbox here or production here). If this is your first time here, open the sandbox link.

🚧
Sandbox and production use distinct API keys
We generate different API keys and use two distinct accounts for the sandbox and production. So, be careful to use your API key with the right environment.

The below screenshot shows how to access the Settings section where you can get an API key.

On the settings page, click API Keys to access the section that enables you to manage your API keys.

You will be able to get your first API key by clicking the Add new API Key button (see example below).

Click the button on the right to copy the key. Then, come back to this guide.

1440 — Settings page containing the API keys

📘
API Key management on the Defacto Web Application
From the web application you can:

View and manage your API keys in the Settings menu.

Create an API key by using the Add new API Key button.

Revoke API keys

Your first authenticated API call

The API key that you just got should look like this:

Open the /hello page in a new tab, write Bearer in the authentication header section, followed by a space, and then paste your newly created API key. After that, click the Try it button.

You will see a welcoming message as a response. Congratulations!!! 🥳 You just did your first authenticated API call with the Defacto API.

Using the API key for programmatic API calls

To perform an authenticated API call programmatically, you must set the Authorization header of your HTTP requests to Bearer <YOUR_API_KEY>. This is very similar to what we just did from the documentation.

Example with curl:

curl --location --request GET 'https://api-sandbox.getdefacto.com/hello' -H 'Authorization: Bearer <API_KEY>'

❗️
IMPORTANT
Bearer authentication should only be used over HTTPS (SSL). API requests without authentication will fail and return a 401 HTTP code.

Now, you should be ready to integrate with our API.

Keep your API keys secure!

❗️
IMPORTANT
API keys carry many privileges, so keep them secure! Do not share your secret API keys in publicly accessible areas.