Authentication

To successfully authorize API calls, use your organization’s API key as a value of the X-API-Key header.

--header 'x-api-key: {your-api-key}'

You can create an API Key in Studio.

Avatar API Get endpoint does not require authentication.

Keep your keys safe

Anyone can use your API key to make any API call on behalf of your account, such as creating an asset or modifying an authorized user's avatar. Keep your keys safe by following these best practices:

  • Grant access only to those who need it.

  • Don’t store keys in a version control system.

  • Control access to keys with a password manager or secrets management service.

  • Don’t embed a key where it could be exposed to an attacker, such as in a mobile, unity, or unreal application.

Restrictive API Keys

You can configure an API key to allow read or write access to specific API resources. It is recommended to define restricted keys that allow only the minimum access your services require to limit the damage in case of a compromised key.

Last updated