Authentication
Learn how to authenticate with the SodiumHQ API
Overview
The SodiumHQ API supports two authentication methods:
- OAuth 2.0 - For applications that require user authorization
- API Keys - For server-to-server integrations and testing
Using API Keys
API keys are the simplest way to authenticate with the SodiumHQ API. They're ideal for:
- Server-to-server integrations
- Testing and development
- Internal tools and scripts
Getting Your API Key
To obtain an API key, contact your SodiumHQ account administrator.
Using API Keys in Requests
Include your API key in the x-api-key header with every request:
curl -X GET "https://api.sodiumhq.com/api/tenants" \
-H "x-api-key: your-api-key-here"Try It Out
You can use API keys to test endpoints directly in our interactive documentation. For example, try the List Clients operation:
- Navigate to any operation page (e.g., List Clients)
- Click the "Set API Key" button in the "Try it" section
- Enter your API key
- Fill in the required parameters
- Click "Execute" to make a real API call
Using OAuth 2.0
OAuth 2.0 is recommended for applications that require user authorization. This method allows users to grant your application access to their SodiumHQ data without sharing their password.
For detailed OAuth integration instructions, please contact our support team.
Security Best Practices
- Never commit API keys to version control - Use environment variables or secure configuration management
- Rotate keys regularly - Update your API keys periodically for enhanced security
- Use HTTPS only - All API requests must use HTTPS to protect your credentials
- Limit key permissions - Request only the minimum permissions needed for your use case