Authentication
Learn how to authenticate your API requests using API keys.
API Keys
The Journey Foods API uses API keys to authenticate requests. You can view and manage your API keys in the Dashboard.
Your API keys carry many privileges, so be sure to keep them secure. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
Authentication Header
All API requests must include your API key in the Authorization header:
HTTP Request
curl https://api.journeyfoods.com/v1/ingredients \
-H "Authorization: Bearer sk-jf-your-api-key-here" \
-H "Content-Type: application/json"Using Environment Variables
We recommend storing your API key in an environment variable rather than hardcoding it in your application:
.env
# .env file (never commit this!)
JOURNEYFOODS_API_KEY=sk-jf-your-api-key-hereapp.js
// Using environment variables (recommended)
import Journey Foods from 'journeyfoods';
const client = new Journey Foods({
apiKey: process.env.JOURNEYFOODS_API_KEY
});Security Best Practices
Keep your API keys secure
Never expose your API keys in client-side code, public repositories, or browser developer tools. Always make API calls from your backend server.
Recommended practices:
- Store API keys in environment variables or a secure secrets manager
- Use different API keys for development and production environments
- Rotate your API keys periodically
- Monitor API key usage in your dashboard for unusual activity
- Revoke and regenerate keys immediately if you suspect they have been compromised
API Key Format
Journey Foods API keys use the following format:
sk-jf-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxsk- Secret key prefixjf- Journey Foods identifier- Followed by 32 alphanumeric characters
Authentication Errors
If authentication fails, the API will return one of the following error codes:
| Status Code | Description |
|---|---|
| 401 | Invalid or missing API key |
| 403 | API key does not have permission for this resource |