API calls need to be authenticated and authorized. You can do this by providing your secret key in the Authorization header of every request you make. You should authenticate your API client with the following header Authorization: Bearer SECRET_KEY

Your secret keys are meant to stay secret/hidden/private at all times.

To get your keys

• Log in to your Yangaplug dashboard.
• Navigate to Settings
• Select the API Keys open in the Developers section of the menu to view and copy your keys.

🚧

IMPORTANT

If you think your keys may have been compromised (for instance, you accidentally committed them to Git), you should immediately generate new ones using the Reset API Key button on the Developer Section of your dashboard

This will invalidate all existing keys and give you a new set, and you can then update your app to use the new ones.

📘

Authentication

To authorize API calls from your server, pass your secret key as a bearer token. This means passing an Authorization header with a value of Bearer: YOUR_SECRET_KEY

Every single API request must be authenticated or will fail with the status code 401: Unauthorized

🚧

Security

All API requests must be made over HTTPS. Please do not manually disable certificate verification from your HTTP client

❗️

Full Access

Please note that your secret key can perform any actions on your Yangaplug account without restriction. It needs to be securely and confidentially stored.

Please do not include this in your git repository, mobile app or Frontend code.

In the instance you believe your key has been compromised, please make sure to revoke the key from the dashboard