Authentication Guide

To securely access the OptimoveAPI, you need to include your API key in the request headers. This guide will walk you through the authentication process using the "X-API-KEY" header key.

Obtaining Your API Key

Before you can authenticate your API requests, you need to obtain your API key. Please read in this link how you can generate your API key.

Authenticating API Requests

Once you have your API key, you can authenticate your requests by including the key in the request headers. Follow the steps below to add the authentication header to your API requests:

  1. Set the "X-API-KEY" header key in your request.
  2. Assign the value of your API key to the header key.

Here's an example of how to include the "X-API-KEY" header key in a cURL request:


Replace YOUR_API_KEY with the API key you obtained earlier.

Handling Authentication Errors

In case of authentication errors, the OptimoveAPI will return appropriate HTTP status codes and error messages. Common errors include invalid or missing API key, expired or revoked API key, or insufficient permissions.

Common errors might include wrong strings, disabled or deleted API keys. Optimove might apply a key rotation policy, which will be accordingly communicated to all of our users by their contact email.

Security Best Practices

To ensure the security of your API key and protect your account, follow these best practices:

  1. Keep your API key confidential and avoid sharing it publicly.
  2. Store your API key securely, preferably using secure storage mechanisms or environment variables.
  3. Rotate your API key periodically to minimize the risk of unauthorized access.
  4. Monitor your API usage regularly to detect any suspicious activity.

By adhering to these best practices, you can enhance the security of your API integration with Optimove.