Authentication

All API requests are authenticated with an API key passed in the Authorization header using Bearer authentication:

Authorization: Bearer ak_your_api_key

Generate and revoke API keys on the API Keys page of the developer portal.

Example authenticated request

import requests

API_KEY = "ak_your_api_key"
BASE    = "https://api.reachcell.com"

r = requests.get(
    f"{BASE}/v1/account",
    headers={"Authorization": f"Bearer {API_KEY}"},
)
data = r.json()["data"]
print(data["email"], data["account_status"])

<?php
$apiKey = 'ak_your_api_key';

$ch = curl_init('https://api.reachcell.com/v1/account');
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER     => ["Authorization: Bearer $apiKey"],
]);
$body = json_decode(curl_exec($ch), true);
curl_close($ch);

echo $body['data']['email'];

const API_KEY = 'ak_your_api_key';

const res  = await fetch('https://api.reachcell.com/v1/account', {
  headers: { Authorization: `Bearer ${API_KEY}` },
});
const { data } = await res.json();
console.log(data.email, data.account_status);

Authentication failures

If the key is missing the API returns HTTP 401 with code MISSING_API_KEY. If the key is invalid or revoked it returns HTTP 401 with code INVALID_API_KEY.

Best practices

Never expose keys in client-side code.
Use different keys for different environments.
Revoke keys immediately if compromised.
Monitor request counts in the portal.