In order to authenticate your access to the API you need two things:
These values have to be sent with each HTTP-request to the API in form of custom HTTP-headers:
X-Tinycc-User: [username] X-Tinycc-Key: [api-key]
Example:
X-Tinycc-User: john_s X-Tinycc-Key: 2cd573c2-33a5-41cc-94ce-6030e8a026b1
Alternatively, you can use your user name and API key for HTTP Basic Authentication.
Use your base64-encoded username:api-key in place of user:password header value.
Example:
johndoe:c2es9d56-045d-4d87-b3f2-419274f4e001
Full Authorization header will look like this:
Authorization: Basic am9obl9zOjJjZDU3M2MyLTMzYTUtNDFjYy05NGNlLTYwMzBlOGEwMjZiMQ==
For security it is important to grant your API keys only minimum necessary amount of privileges.
For example you can create read-only API-key by allowing use of only GET method. Or you can restrict API key access to certain domains in your account. Or you can restrict IP-addresses allowed to use that API key.
Please login to your account to manage your API keys and their permissions.
There is no limit on the number of API keys that may be created. Use this to your advantage and treat API-keys as disposable information. In case of suspicion of your API-key being disclosed better remove old key and create a new one.