Skip to main content

API Key Authentication

Core X Tracker API uses API keys to authenticate requests. Include your API key in the request header for all API calls.
Keep your API key secure and never share it publicly. Treat it like a password.

How to Authenticate

Include your API key in the X-API-Key header: 
curl https://api.corebot.app/v1/users/44196397 \
  -H "X-API-Key: your_api_key_here"

Error Responses

Authentication Errors

If authentication fails, you’ll receive a 401 error: 
{
  "error": {
    "message": "Invalid API key",
    "code": "E401"
  }
}

Rate Limit Errors

If you exceed rate limits, you’ll receive a 429 error: 
{
  "error": {
    "message": "Rate limit exceeded. Please try again later.",
    "code": "E429"
  }
}
The response includes a Retry-After header indicating when you can retry your request.

Best Practices

Never hardcode API keys in your source code. Use environment variables or secure key management systems.
For security, rotate your API keys periodically and update your applications.
Keep track of your API usage to avoid hitting rate limits.
Always use HTTPS when making API requests to ensure your API key is encrypted in transit.