Authentication

Learn how to authenticate with the TruCustom API using API keys.

API Keys

All TruCustom API requests must include an API key for authentication. API keys are tied to your account and can have different permission scopes.

Creating an API Key

1. Log in to your Dashboard
2. Navigate to API Keys in the sidebar
3. Click "Create API Key"
4. Configure the key:
   • Name: A descriptive name (e.g., "Production Server")
   • Scopes: Permission levels for this key
   • Expiration: Optional expiration date
5. Copy and securely store the generated key

Using Your API Key

Include your API key in the Authorization header of every request:

Bearer Token (Recommended)

Authorization: Bearer tc_a1b2c3d4e5f6...

X-API-Key Header (Alternative)

X-API-Key: tc_a1b2c3d4e5f6...

Example Request

curl -X GET "https://trucustom.net/api/v1/products" \
  -H "Authorization: Bearer tc_your_api_key" \
  -H "Content-Type: application/json"

API Key Scopes

API keys can have one or more permission scopes:

Error Responses

401 Unauthorized

Returned when no API key is provided or the key is invalid:

{
  "error": "Unauthorized",
  "message": "Invalid or missing API key..."
}

403 Forbidden

Returned when your API key doesn't have the required scope:

{
  "error": "Forbidden",
  "message": "This action requires the 'write' scope..."
}

Security Best Practices

• Never expose API keys in client-side code - Use server-side requests only
• Use environment variables - Don't hardcode keys in your codebase
• Rotate keys regularly - Create new keys and revoke old ones periodically
• Use minimal scopes - Only request the permissions you need
• Set expiration dates - For temporary or development keys
• Monitor usage - Check your dashboard for unusual activity

Key Format

API keys follow this format:

tc_[64 character hex string]

The tc_ prefix identifies TruCustom keys. The first 8 characters after the prefix are the "key prefix" shown in your dashboard for identification.