The Trakkr API uses API key authentication to secure your requests. All API requests must include your API key in the Authorization header.

Getting Your API Key

  1. Visit trakkr.ai/api-keys
  2. Sign in to your account
  3. Generate a new API key
  4. Copy the key and keep it secure
Keep your API key secure! Never share your API key publicly or commit it to version control.

Using Your API Key

Include your API key in the Authorization header of all requests using the Bearer token format: 
Authorization: Bearer YOUR_API_KEY

Example Request

curl -X POST https://api.trakkr.ai/get-scores \
  -H "Authorization: Bearer sk_live_1234567890abcdef" \
  -H "Content-Type: application/json" \
  -d '{
    "brand": "0000000000000x000000000000000000",
    "breakdown": ["model"]
  }'

API Key Format

Your API key should be in the following format: 
sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Error Responses

If authentication fails, you’ll receive one of these error responses:

Missing API Key

{
  "error": "Missing API key",
  "errors": ["API key must be provided in the Authorization header as 'Bearer <api_key>'"]
}
Status Code: 401 Unauthorized

Invalid API Key

{
  "error": "Invalid API key",
  "errors": ["No accounts found for this API key"]
}
Status Code: 403 Forbidden

Authentication Error

{
  "error": "Authentication error",
  "errors": ["Could not validate API key against database"]
}
Status Code: 500 Internal Server Error

Security Best Practices

  1. Use HTTPS: Always make requests over HTTPS
  2. Keep keys secure: Store API keys in environment variables or secure key management systems

Environment Variables

Store your API key in environment variables: 
# .env file
TRAKKR_API_KEY=sk_live_1234567890abcdef

// JavaScript
const apiKey = process.env.TRAKKR_API_KEY;

# Python
import os
api_key = os.environ.get('TRAKKR_API_KEY')
Need to regenerate your key? Visit your API settings to create a new key and invalidate the old one.