API keys
API keys authenticate calls to the Coassemble API. Your API key is what lets your backend talk to ours.
Where to find your API key
Open Settings. In the Developer section of the left-hand menu, select API Keys.
What's on the page
API Key
The workspace's API key, automatically generated for you. Click the copy icon next to the key to copy it to your clipboard.
API Authorization Header
The full Authorization header value you need to include with every REST API call. This is your API key, pre-formatted as a complete header. Click the copy icon to copy the whole header in one go.
The header looks like this:
Authorization: COASSEMBLE:[workspace ID]:[key]
Setup guide
A link out to the developer documentation with a full walkthrough of authentication, endpoints, and example requests.
Using your API key
Include the Authorization header in your REST API requests. Most HTTP clients let you set headers directly, like this in curl:
curl https://api.coassemble.com/v1/... \
-H "Authorization: COASSEMBLE:[workspace ID]:[key]"
For the full set of endpoints and request shapes, see the developer documentation.
Keep your API key secure
Your API key gives whoever has it the ability to call the Coassemble API on behalf of your workspace. Treat it like a password.
- Don't commit it to public repositories.
- Don't include it in client-side code (anything that runs in the browser or on the learner's device).
- Use a backend proxy when making API calls from a web app, so the key stays on your server.
If you think your key has been exposed, contact support to have it rotated.
This article is maintained in our help centre. View the original ↗