Authentication
Every API request authenticates via HTTP Basic: the API key is the username, the password is blank.
Every request must include your API key via HTTP Basic auth: the API key is the username and the password is empty.
curl -u "$CONVERTERER_API_KEY:" https://api.converterer.com/convert ...The trailing colon after $CONVERTERER_API_KEY is important: it tells cURL that the username is $CONVERTERER_API_KEY and the password is the empty string after the colon. Without the colon, cURL would prompt interactively.
In code
In any HTTP client, set the Authorization header to the Basic-encoded key: (note the trailing colon):
import os, requests
requests.get(url, auth=(os.environ["CONVERTERER_API_KEY"], ""))const auth = 'Basic ' + Buffer.from(`${process.env.CONVERTERER_API_KEY}:`).toString('base64');
fetch(url, { headers: { Authorization: auth } });API keys are bound to a destination
API keys are tied to a single destination, the storage location your converted files end up in. Treat them like passwords: anyone with the key can submit conversions and access the files in that destination.
Requests without a valid key receive 401 Unauthorized.
Rotation
You can issue and revoke API keys from the dashboard. Old keys stop working immediately on revocation. There’s no grace period, so coordinate rotation with your deploys.