Skip to main content

API Key Authentication

All API endpoints require authentication via an API key passed in the X-API-KEY header.

Getting Your API Key

You can find your API key in your Octanist dashboard under Settings > General > API Keys.
Make sure you are in the correct organization. The API key is organization-specific and if you get the wrong API key, you might see leads going to the wrong organization or other unwanted behavior.

Using Your API Key

Include your API key in the X-API-KEY header with every request: 
X-API-KEY: your_api_key_here

Example Request

curl -X GET "https://octanist.com/api/leads" \
  -H "X-API-KEY: your_api_key_here"

Testing Your API Key

You can validate your API key using the check endpoint: 
curl -X POST "https://octanist.com/api/check" \
  -H "X-API-KEY: your_api_key_here"
Success Response: 
{
  "success": true
}
Error Response: 
{
  "error": "Invalid or missing API key"
}

Security Best Practices

Keep your API key secure and never expose it in client-side code or public repositories.
  • Store your API key in environment variables
  • Rotate your API keys regularly
  • Monitor API usage for unusual activity

Error Responses

Authentication errors will return:
  • 401 Unauthorized - Invalid or missing API key
  • 403 Forbidden - API key valid but access denied (e.g., lead rejected by filtering rules)