API Authentication
All requests to MagicalAPI require authentication using an API key. This guide explains how to properly authenticate your requests.
Required Headers
Every API request must include these HTTP headers:
{
"Content-type": "application/json",
"api-key": "YOUR-API-KEY"
}
Request Examples
cURL
curl -X POST "https://gw.magicalapi.com/profile-data" \
-H "Content-Type: application/json" \
-H "api-key: YOUR-API-KEY" \
-d '{"username": "williamhgates"}'
Python
import requests
headers = {
'Content-Type': 'application/json',
'api-key': 'YOUR-API-KEY'
}
response = requests.post(
'https://gw.magicalapi.com/profile-data',
headers=headers,
json={'username': 'williamhgates'}
)
Node.js
const axios = require('axios');
const headers = {
'Content-Type': 'application/json',
'api-key': 'YOUR-API-KEY'
};
axios.post('https://gw.magicalapi.com/profile-data',
{ username: 'williamhgates' },
{ headers }
)
Security Best Practices
-
Store API Keys Securely
- Use environment variables
- Never commit API keys to version control
- Rotate keys periodically
-
Handle Keys in Code
# Load from environment variable
import os
api_key = os.environ.get('MAGICAL_API_KEY') -
Manage Multiple Keys
- Use different keys for development and production
- Limit key access to necessary services
- Monitor key usage regularly
warning
Never expose your API key in client-side code or share it with others. If you believe your key has been compromised, generate a new one immediately.