Authentication
Learn how to authenticate with the PlaceIQ API.
PlaceIQ uses API keys to authenticate requests. Learn how to securely manage and use your API credentials.
API Key Types
PlaceIQ provides two types of API keys:
| Type | Prefix | Use Case |
|---|---|---|
| Live | pk_live_ | Production environment |
| Test | pk_test_ | Development and testing (unlimited calls) |
Using Your API Key
Include your API key in the Authorization header using the Bearer scheme:
Authorization: Bearer pk_live_your_api_key_hereExample Request
curl -X GET "https://api.placeiq.co/v1/areas" \
-H "Authorization: Bearer pk_live_abc123xyz789"Security Best Practices
Never expose keys in client-side code
Always make API calls from your backend server. Never include your API key in JavaScript that runs in the browser.
Use environment variables
Store your API key in environment variables, not in your code. Never commit keys to version control.
Rotate keys periodically
Generate new API keys regularly and deprecate old ones. You can manage keys in your dashboard.
Use test keys for development
Test keys don't count against your quota and return mock data. Switch to live keys only in production.
Managing API Keys
You can create, view, and revoke API keys from your dashboard settings. Each account can have up to 10 active API keys.
Authentication Errors
If authentication fails, you'll receive one of these errors:
| Code | Status | Description |
|---|---|---|
missing_api_key | 401 | No API key was provided |
invalid_api_key | 401 | The API key is malformed or doesn't exist |
revoked_api_key | 401 | The API key has been revoked |