Malomo authenticates your API requests using your account's API keys. If you do not include your key when making an API request, or use one that is incorrect or outdated, Malomo returns an error.
There are two types of API keys: publishable and secret.
- Secret API keys should be kept confidential and only stored on your own servers. Your account's secret API key can perform any API request to Malomo without restriction. Be sure to keep this key secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, an so-forth.
Authentication to the API is performed by providing your API key as a bearer token in the
curl https://api.gomalomo.com/orders/1323fa24-f252-4f97-9960-a36fee7c3a6a \
-H "Authorization: Bearer sk_452e3bab2f8c1f7cf03de018855fdf7e"
-H "Accept: application/vnd.malomo+json; version=2"
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.