API Keys

API keys are unique identifiers that authenticate your requests to Pulpminer. This guide explains how to manage and use your API keys securely.

Getting Your API Key

  1. Sign in to your Pulpminer account
  2. Navigate to the API Keys section
  3. Your API key will be displayed in the dashboard
  4. Use the copy button to copy the key

Never share your API key publicly or commit it to version control. Keep it secure at all times.

Using API Keys

Header Format

Include your API key in the request header:

apikey: YOUR_API_KEY

Example Requests

cURL

curl -H "apikey: YOUR_API_KEY" https://api.pulpminer.com/external/123

JavaScript

const response = await fetch('https://api.pulpminer.com/external/123', {
  headers: {
    'apikey': 'YOUR_API_KEY'
  }
});

Python

import requests

headers = {
    'apikey': 'YOUR_API_KEY'
}

response = requests.get(
    'https://api.pulpminer.com/external/123',
    headers=headers
)

Security Best Practices

1. Environment Variables

Store your API key in environment variables:

# .env file
PULPMINER_API_KEY=your_api_key_here

// JavaScript
const apiKey = process.env.PULPMINER_API_KEY;

# Python
import os
api_key = os.environ.get('PULPMINER_API_KEY')

2. Access Control

  • Keep keys secure
  • Use different keys for different environments
  • Rotate keys periodically
  • Monitor key usage

3. Error Handling

Handle authentication errors gracefully:

try {
  const response = await fetch('https://api.pulpminer.com/external/123', {
    headers: { 'apikey': apiKey }
  });
  
  if (!response.ok) {
    const error = await response.json();
    if (error.errors[0].message === 'invalid key') {
      // Handle invalid API key
    }
  }
} catch (error) {
  // Handle network errors
}

Key Management

Viewing Keys

  1. Log into your dashboard
  2. Go to API Keys section
  3. View all active keys
  4. Check last used timestamp

Key Status

Monitor your keys:

  • Active/Inactive status
  • Usage statistics
  • Associated endpoints
  • Creation date

Error Responses

Invalid Key

{
  "data": null,
  "errors": [
    {
      "message": "invalid key"
    }
  ]
}

Missing Key

{
  "data": null,
  "errors": [
    {
      "message": "Path: apikey -  Message: Required"
    }
  ]
}

Development vs Production

Development

  • Use separate keys for testing
  • Implement proper error handling
  • Monitor usage patterns
  • Test key rotation

Production

  • Use secure key storage
  • Implement retry logic
  • Monitor for unauthorized use
  • Regular key rotation

Key Storage

✅ Environment variables ✅ Secret management services ✅ Encrypted configuration ✅ Key vaults

❌ Source code ❌ Public repositories ❌ Unencrypted files ❌ Shared documents

Implementation Examples

Node.js Express

require('dotenv').config();

app.use((req, res, next) => {
  const apiKey = req.headers.apikey;
  
  if (!apiKey || apiKey !== process.env.PULPMINER_API_KEY) {
    return res.status(401).json({
      data: null,
      errors: [{ message: 'Invalid API key' }]
    });
  }
  
  next();
});

Python Flask

from flask import Flask, request
from os import environ

app = Flask(__name__)

@app.before_request
def verify_api_key():
    api_key = request.headers.get('apikey')
    if not api_key or api_key != environ.get('PULPMINER_API_KEY'):
        return {
            'data': None,
            'errors': [{'message': 'Invalid API key'}]
        }, 401

Best Practices

  1. Security

    • Use environment variables
    • Implement proper encryption
    • Regular key rotation
    • Monitor for breaches

  2. Implementation

    • Validate keys server-side
    • Handle errors gracefully
    • Use retry logic
    • Log authentication failures

  3. Monitoring

    • Track usage patterns
    • Monitor for abuse
    • Set up alerts
    • Regular audits

Troubleshooting

Common Issues

  1. Authentication Failures

    • Verify key is correct
    • Check header format
    • Ensure key is active
    • Check for typos

  2. Implementation Problems

    • Validate header format
    • Check environment variables
    • Verify request format
    • Test error handling

  3. Security Concerns

    • Audit key usage
    • Check for exposure
    • Review access patterns
    • Monitor for abuse

Need Help?

If you’re having API key issues:

  1. Verify your implementation
  2. Check the error response
  3. Review security practices
  4. Contact support at hello@pulpminer.com