Authentication
Learn how to authenticate with the Charter Boats API
API Key Authentication
The Charter Boats API uses API keys to authenticate requests. Include your API key in the X-API-Key header with every request.
Getting an API Key
Any registered user can generate an API key from the dashboard:
- Log in to charter.boats
- Go to Dashboard → Settings → API
- Click Generate API Key
- Copy and save your key (it is only shown once)
Your API key will look like: cb_live_ followed by 32 characters.
Regenerating Your Key
If your key is compromised, you can regenerate it from the same settings page. This will immediately invalidate your old key.
Security Best Practices
Never expose your API key in client-side code, public repositories, or anywhere it could be accessed by unauthorized parties.
Recommendations
| Do | Don't |
|---|---|
| Store API keys in environment variables | Commit API keys to version control |
| Use server-side code to make API calls | Include keys in client-side JavaScript |
| Rotate keys periodically | Share keys across different applications |
| Use different keys for dev and production |
Error Responses
401 Unauthorized
Returned when the API key is missing or invalid: