Interim support for API Keys

For clients onboarded prior to January 2024, we will continue to support API keys as a method to authenticate requests for a transitionary period.


The use of API keys for authentication will be deprecated on July 31 2024 and efforts should be made to migrate to using OAuth 2.0.

Please reach out to support at [email protected] if any assistance is required with migrating over.

Details on our OAuth 2.0 authentication can be found here.

Accessing Your API Keys

API keys can be generated, viewed and managed in the Sikoia Dashboard.

API keys are tied to your account and environment driving which third parties are used and where your data is stored.

You may have multiple API keys for each environment. Please ensure that you're generating a key in the Sikoia Dashboard for the target environment.

If you do not have access to the Dashboard, please reach out to Sikoia Customer Support at [email protected].


Your API keys give wide access to the Sikoia API, so ensure you keep them secure!

Do not share your secret API keys in publicly visible areas such as GitHub, client-side code, etc.

Rotating & Revoking API Keys

As they have many privileges, we recommend you regularly rotate your API keys and have processes in place to ensure continuity of access in case we have to revoke a specific key.

API keys can be revoked in the Sikoia Dashboard.

Using Your API Keys

Your API key must be included as a header to each API request you submit:

header 'apikey: your_api_key'

Any request that does not contain this authentication will return a 401 error response.