API Keys
Use API keys to authenticate API requests.
Fitmate authenticates your API requests using your account’s API keys. If a request doesn’t include a valid key, Fitmate returns an invalid request error. If a request includes a deleted or expired key, Fitmate returns an authentication error.
You can use the Partner Dashboard to create, reveal, delete, and roll API keys. To access your API keys, select the API Keys tab on your Dashboard.
Sandbox and live keys
Keep your keys safe
Anyone can use your live mode secret API key to make any API call on behalf of your account, such as retrieving customer data. Keep your keys safe by following these best practices:
- Grant access only to those who need it.
- Don’t store keys in a version control system.
- Control access to keys with a password manager or secrets management service.
- Don’t embed a key where it could be exposed to an attacker, such as in a mobile application.