Blazelock

Authentication

Learn how to securely authenticate API requests using API keys.

The Blazelock API uses API keys for authentication. Create a key in your API integration in the Blazelock Dashboard and send it as a bearer token with every request.

Need help creating, listing, revoking, or rotating keys in the dashboard? See Managing API keys.

Bearer authentication

Include your API key in the HTTP Authorization header of your API requests as follows:

Authorization: Bearer YOUR_API_KEY

If the header is missing or the key is invalid, the API returns 401 Unauthorized.

Security best practices

  • Keep keys server-side: Never expose API keys in client-side code or commit them to public repositories. For frontend applications, send requests through your backend instead.
  • Store keys securely: Store keys in environment variables or a secret manager, not in source code.
  • Separate environments: Use separate keys for each environment or service so you can rotate or revoke them without affecting other systems.
  • Copy once, store safely: Copy the key and store it securely when you create it. Blazelock only shows the plain-text value once.

Introduction

Start with the API fundamentals, request flow, and core concepts.

Rate Limits

Understand request limits, throttling behavior, and how to avoid rejected requests.

On this page

Bearer authenticationSecurity best practices