Skip to main content

Overview

Request Network API supports two authentication modes:
  • x-api-key for server-side integrations
  • x-client-id for browser/client integrations (with Origin header)
Use this page as the canonical auth reference. Client IDs are managed in the Request Dashboard; webhooks are managed programmatically via the Auth API (POST /v1/webhook with the x-client-id header).

Choose the Right Method

API Key Authentication

Use API keys for backend calls.

Example

cURL

Client ID Authentication

Use Client ID when your integration needs browser-side authentication flow.

Example

cURL
For browser-based requests, Origin is part of the request context and is required for Client ID auth.

Header Reference

  • x-api-key: API key used for server-side auth
  • x-client-id: Client identifier used for client-side auth
  • Origin: required with Client ID flows in browser contexts

Common Authentication Errors

401 Unauthorized

  • Missing auth header
  • Invalid/expired API key or client ID

403 Forbidden

  • Credentials are valid but not allowed for the requested operation
  • Client ID is revoked or restricted

429 Too Many Requests

  • Request rate exceeded for your credentials

Security Guidance

  • Keep API keys server-side and out of frontend bundles
  • Store credentials in environment variables or secret managers
  • Rotate compromised credentials immediately
  • Verify webhook signatures independently (webhook signing uses a separate secret)

Dashboard

Create credentials and manage webhook configuration.

Webhooks

Signature verification and delivery behavior.

OpenAPI Reference

Full endpoint authentication requirements.