Authentication
The Platform API uses API keys to authenticate requests. You need to include your API key in the Authorization header of every request.
API Keys
Section titled “API Keys”API keys are provided when you create a managed platform account. Each key is associated with a specific account and has its own set of permissions.
Authorization Header
Section titled “Authorization Header”All API requests must include your API key in the Authorization header using the Bearer scheme:
Authorization: Bearer your-api-keyExample request using curl:
curl -X GET "https://platform.tiptreesystems.com/api/v1/messages/all" \ -H "Authorization: Bearer your-api-key"Example request using Python:
import requests
headers = { "Authorization": "Bearer your-api-key"}
response = requests.get( "https://platform.tiptreesystems.com/api/v1/messages/all", headers=headers)Example request using TypeScript:
const headers = { "Authorization": `Bearer your-api-key`};
const response = await fetch("https://platform.tiptreesystems.com/api/v1/messages/all", { headers});Security Best Practices
Section titled “Security Best Practices”-
Keep your API key secure
- Never share your API key or commit it to version control
- Use environment variables to store your API key
- Rotate your API key if you suspect it has been compromised
-
Use HTTPS
- Always use HTTPS to make API requests
- Never send API keys over unencrypted connections
-
Minimal Scope
- Use different API keys for different environments (development, staging, production)
- Request only the permissions you need for your use case
Error Handling
Section titled “Error Handling”If authentication fails, the API will return a 401 Unauthorized response:
{ "detail": "Invalid API key"}Common authentication errors:
- Missing Authorization header
- Invalid API key format
- Expired API key
- Revoked API key
- Insufficient permissions
See the Error Handling section for more details on API errors.