Securing your API requests is crucial when integrating with Straddle. This guide will walk you through the authentication process, ensuring your API calls are properly authenticated and your data remains secure.

Overview

Straddle uses Bearer Token authentication for API requests. This method involves including a unique API key in the Authorization header of each HTTP request you make to our API.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail.

Obtaining Your API Key

Before you can authenticate your requests, you’ll need to obtain an API key:
  1. Log in to your Straddle Dashboard.
  2. Navigate to the API section.
  3. Click on “Generate New API Key”.
  4. Copy your new API key and store it securely.
Your API key carries many privileges, so be sure to keep it secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, or in your application logs.

Using Your API Key

To authenticate an API request, you should include your API key in the Authorization header. The value of this header should be formatted as Bearer YOUR_API_KEY. Here’s an example of how to include the Authorization header in your API requests: 
curl https://sandbox.straddle.io/v1/accounts \
  -H "Authorization: Bearer 51NBBbbDBkrcnHrnR0nBGsOvFHQrM0n8T1FKZmAUWbJqq8oRsAM3dEZzBIbHwzKrVUUFOyRvX1Ib8Sn3VWWQMW00r300IIrGBWb1"

API Keys for Different Environments

Straddle provides separate API keys for test and production environments:
  • Test API Keys: These keys are prefixed with sk_test_ and are used for testing your integration without affecting live data.
  • Production API Keys: These keys are prefixed with sk_live_ and are used for live transactions in your production environment.
Always use test API keys when developing and testing your integration. Only switch to production keys when you’re ready to go live.

Best Practices

To ensure the security of your integration, follow these best practices:
  1. Keep your API key secret: Never expose your API key in client-side code or public repositories.
  2. Use environment variables: Store your API key in environment variables rather than hardcoding it in your application.
  3. Rotate your API keys: Regularly generate new API keys and update your applications to use them.
  4. Monitor API key usage: Regularly review your API key usage in the Straddle Dashboard to detect any unauthorized access.

Handling Authentication Errors

If your API key is invalid or has been revoked, you’ll receive a 401 Unauthorized response. Here’s an example of an authentication error response: 
{
  "error": {
    "code": "invalid_api_key",
    "message": "The provided API key is invalid or has been revoked."
  }
}
If you encounter this error, double-check that you’re using the correct API key and that it hasn’t been revoked or expired.

Next Steps

Now that you understand how to authenticate your API requests, you’re ready to start integrating with Straddle. Check out our API Reference for detailed information on available endpoints and how to use them.