API Authentication
Pipetrace uses Bearer token authentication for API access. This guide covers how to create and use API tokens.
Getting an API Token
- Log in to your Pipetrace dashboard
- Go to Settings → API Keys
- Click Create New Key
- Give your key a descriptive name
- Copy the token (it won't be shown again)
Using the Token
Include the token in the Authorization header of every request:
Authorization: Bearer pt_live_xxxxxxxxxxxxxxxxxxxxcURL Example
curl -X GET \
'https://api.pipetrace.com/api/v1/sites' \
-H 'Authorization: Bearer pt_live_xxxxxxxxxxxxxxxxxxxx'JavaScript Example
const response = await fetch('https://api.pipetrace.com/api/v1/sites', {
headers: {
'Authorization': 'Bearer pt_live_xxxxxxxxxxxxxxxxxxxx'
}
})
const data = await response.json()Token Security
- Never expose tokens in client-side code - Use them only on your server
- Use environment variables - Don't hardcode tokens
- Rotate regularly - Create new tokens periodically
- Delete unused tokens - Remove tokens you no longer need
Error Responses
401 Unauthorized
{
"error": "UNAUTHORIZED",
"message": "Invalid or missing authentication token"
}403 Forbidden
{
"error": "FORBIDDEN",
"message": "You don't have access to this resource"
}Session Authentication
If you're building an integration that uses the same session as the web dashboard, you can use cookie-based authentication instead. This is automatically handled when making requests from the browser while logged in.