Authentication Guide

To securely access the OptimoveAPI, you need to include your API key in the request headers. This guide will walk you through the authentication process using the "X-API-KEY" header key.

Obtaining Your API Key

Before you can authenticate your API requests, you need to obtain your API key. Here's how you can generate your API key:

  1. As an Admin user, log in to your Optimove account at [your account]
  2. Navigate to settings > API Keys.
  3. Generate a new API Key. Make sure to assign the correct Role for this token user ([learn more](roles & permissions))
  1. Once generated, copy your API key and keep it secure. Do not share it publicly.

Authenticating API Requests

Once you have your API key, you can authenticate your requests by including the key in the request headers. Follow the steps below to add the authentication header to your API requests:

  1. Set the "X-API-KEY" header key in your request.
  2. Assign the value of your API key to the header key.

Here's an example of how to include the "X-API-KEY" header key in a cURL request:


Replace YOUR_API_KEY with the API key you obtained earlier.

Handling Authentication Errors

In case of authentication errors, the OptimoveAPI will return appropriate HTTP status codes and error messages. Common errors include invalid or missing API key, expired or revoked API key, or insufficient permissions.

Make sure to handle authentication errors in your code. Upon receiving an authentication error response, take appropriate action such as prompting the user to provide valid credentials or generating a new API key if necessary.

Security Best Practices

To ensure the security of your API key and protect your account, follow these best practices:

  1. Keep your API key confidential and avoid sharing it publicly.
  2. Store your API key securely, preferably using secure storage mechanisms or environment variables.
  3. Rotate your API key periodically to minimize the risk of unauthorized access.
  4. Monitor your API usage regularly to detect any suspicious activity.

By adhering to these best practices, you can enhance the security of your API integration with Optimove.