Skip to main content
BOEN JIAMEI Turnitin dual reports
English
Log in Sign up

Authentication

Create API keys, sign requests, and keep credentials safe.

Overview

The API uses bearer tokens. Create an API key in the console, store it securely, and send it in the Authorization header for every request.

Keys are shown only once. If a key is exposed, revoke it and create a replacement immediately.

Request format

Send requests over HTTPS and include a JSON content type unless the endpoint is explicitly multipart.

  • Authorization: Bearer YOUR_API_KEY
  • Content-Type: application/json
  • Use idempotency keys when retrying create requests

Security practices

  • Keep API keys on the server and never ship them to browsers or mobile clients.
  • Use separate keys for development, staging, and production.
  • Rotate keys after team changes or suspected exposure.
  • Grant only the scopes needed by the integration.