
Authentication

Last updated: March 2025

Secure API access

Our API uses API keys for authentication. Keep your keys secure and rotate them regularly. All API requests must include proper authentication headers to access protected endpoints.

Generating API keys

1. Access API settings

Navigate to your account settings and find the API section. You'll need an Enterprise plan or API add-on to access API features.

Dashboard: Settings → API → API Keys

2. Create new API key

Click "Generate New Key" and give your key a descriptive name. This helps you track which applications or services are using each key.

Best practices: Use descriptive names like "Production App", "Staging Environment", "Mobile App"

3. Copy and store securely

Copy the generated API key immediately. For security, it will only be shown once. Store it securely in your application's environment variables or secret management system.

Important security note

API keys provide full access to your account. Never share them publicly, commit them to code repositories, or send them via unsecured channels.

Using API keys in requests

Include the API key in your request headers:

Header:

Authorization: Bearer your_api_key_here

- Use Bearer authentication scheme
- Include the header in all API requests
- No additional authentication required

Code examples

cURL

curl -X GET \
  "https://api.aiseoturbo.com/v1/audits" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

JavaScript

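// Use the full HTTPS API URL; a relative path would resolve against the current page's origin
const response = await fetch('https://api.aiseoturbo.com/v1/audits', {
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  }
});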

Python

import requests

response = requests.get(
    'https://api.aiseoturbo.com/v1/audits',
    headers={
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    timeout=10  # requests has no default timeout; without one a stalled call hangs forever
)

PHP

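$ch = curl_init();

// Use the full HTTPS URL; cURL cannot resolve a relative path
curl_setopt($ch, CURLOPT_URL, 'https://api.aiseoturbo.com/v1/audits');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Authorization: Bearer YOUR_API_KEY',
    'Content-Type: application/json'
]);
// Return the response body instead of printing it
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);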

Managing API keys

Viewing Keys

You can view all your API keys in the dashboard, but the full key value is only shown during creation.

Keys show masked values for security

Rotating Keys

Regularly rotate your API keys for security. Create new keys and update your applications before deleting old ones.

Recommended: Rotate every 90 days

Revoking Keys

Immediately revoke compromised keys. This will prevent any further API access using that key.

Revocation is instant and irreversible

Key Permissions

All API keys have full access to your account. We're working on granular permissions for future releases.

Full account access currently

Security best practices

Environment Variables

Store API keys in environment variables, never in your source code or configuration files.

Separate Keys

Use different API keys for different environments (development, staging, production).

Regular Rotation

Rotate API keys every 90 days or immediately if you suspect compromise.

Monitor Usage

Regularly check your API usage logs for unusual activity or unauthorized access.

HTTPS Only

Always use HTTPS when making API requests to ensure encrypted communication.

Rate limiting

- 1000 requests per hour
- 10,000 requests per day
- 429 status code: rate limit exceeded

Rate limits are applied per API key. If you exceed these limits, you'll receive a 429 status code. Enterprise customers can request higher limits.
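
The following Python sketch is an added example, not part of the original documentation. It combines three points from this page: the key is read from an environment variable, the request is refused unless the URL is HTTPS, and a 429 response is retried with a delay. The variable name AISEOTURBO_API_KEY, the caller-supplied send function and the backoff schedule are assumptions.

```python
import os
import time
from urllib.parse import urlsplit

API_BASE = "https://api.aiseoturbo.com/v1"  # base URL from the examples above
KEY_ENV_VAR = "AISEOTURBO_API_KEY"          # assumed variable name, not from the docs


def load_api_key(env=os.environ):
    """Read the key from the environment so it never lives in source or config files."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    return key


def build_request(path, api_key, base=API_BASE):
    """Return (url, headers); refuse any URL that would send the key unencrypted."""
    url = base.rstrip("/") + "/" + path.lstrip("/")
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send API key over a non-HTTPS URL")
    headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
    return url, headers


def get_with_backoff(send, path, api_key, max_retries=3, base_delay=1.0, sleep=time.sleep):
    """Call send(url, headers) -> (status, body), retrying only on 429.

    The backoff schedule (1s, 2s, 4s, ...) is an assumption; the docs give no retry guidance.
    """
    url, headers = build_request(path, api_key)
    for attempt in range(max_retries + 1):
        status, body = send(url, headers)
        if status != 429:
            return status, body
        if attempt < max_retries:
            sleep(base_delay * 2 ** attempt)
    return status, body


if __name__ == "__main__":
    # Constructed transport: rate-limited twice, then succeeds. No network is used.
    replies = iter([(429, ""), (429, ""), (200, "[]")])
    fake_send = lambda url, headers: next(replies)
    key = load_api_key({KEY_ENV_VAR: "constructed-sample-key"})
    print(get_with_backoff(fake_send, "/audits", key, sleep=lambda s: None))
```

In real use, send would wrap an HTTP client call such as requests.get and return the status code and body.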
