
Authentication

Learn how to authenticate your API requests using API keys

Quick Summary

RivalPrice API uses API key authentication. Include your API key in the Authorization header as a Bearer token for all API requests. API keys can only be used for data access, not for managing other API keys.

Getting Your API Key

1. Sign up for an account

Create a RivalPrice account and choose a plan that fits your needs.

2. Navigate to API Keys

Go to your dashboard and click on your profile, then select "API Keys" from the menu.

3. Create a new API key

Click "Create API Key", give it a descriptive name, and save the generated key securely.

Using Your API Key

Include your API key in the Authorization header of every request as a Bearer token:

Authorization Header
Authorization: Bearer rp_live_your_api_key_here

Example Request

cURL
curl https://api.rivalprice.app/products \
  -H "Authorization: Bearer rp_live_your_api_key_here"

JavaScript (Node.js)
const response = await fetch('https://api.rivalprice.app/products', {
  headers: {
    'Authorization': 'Bearer rp_live_your_api_key_here',
    'Content-Type': 'application/json'
  }
});
const data = await response.json();

Python
import requests

headers = {
    'Authorization': 'Bearer rp_live_your_api_key_here',
    'Content-Type': 'application/json'
}

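# Set a timeout so a stalled connection cannot hang the caller
response = requests.get('https://api.rivalprice.app/products', headers=headers, timeout=10)
# Raise on an HTTP error status instead of parsing an error body as data
response.raise_for_status()
data = response.json()

PHP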
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.rivalprice.app/products');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Authorization: Bearer rp_live_your_api_key_here',
    'Content-Type: application/json'
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
$data = json_decode($response);
curl_close($ch);

API Key Format

RivalPrice API keys follow a specific format for easy identification:

rp_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

rp_ - RivalPrice prefix
live_ - Environment identifier
xxxxxxxx... - Unique key identifier

Managing API Keys

Creating Keys

You can create multiple API keys for different applications or environments. Each key can have a custom name for easy identification.

POST /api-keys

Viewing Keys

You can list all your API keys. Only the key prefix is shown for security. The full key is only displayed once when created.

GET /api-keys

Revoking Keys

If a key is compromised, revoke it immediately. Revoked keys cannot be reactivated - you'll need to create a new one.

DELETE /api-keys/:id

Security Best Practices

Never expose your API key in client-side code

API keys should only be used in server-side code. Never include them in JavaScript that runs in the browser, mobile apps, or any publicly accessible code repositories.

Store keys securely

Use environment variables or secure secret management services to store your API keys. Never commit them to version control.

Use different keys for different environments

Create separate API keys for development, staging, and production environments. This makes it easier to rotate keys and trace usage.

Rotate keys regularly

As a security best practice, consider rotating your API keys periodically, especially if they may have been exposed or if team members with access have left.
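
The rp_live_ prefix described under "API Key Format" makes leaked keys easy to find before they reach version control. The scanner below is an added example, not RivalPrice code: it assumes the key body is 20 or more alphanumeric characters (the page shows only a placeholder), and the file name, variable names and key value in the sample are constructed.

```python
import re

# Assumption: the body after "rp_live_" is 20+ alphanumeric characters.
# The documentation shows only a placeholder, so adjust this to real keys.
KEY_RE = re.compile(r"\brp_live_([A-Za-z0-9]{20,})\b")


def redact(key: str) -> str:
    """Keep the prefix plus 4 characters so the finding does not leak the key."""
    return key[:12] + "..."


def is_placeholder(body: str) -> bool:
    """Documentation placeholders repeat a single character (xxxx...)."""
    return len(set(body.lower())) == 1


def scan_text(name: str, text: str) -> list[tuple[str, int, str]]:
    """Return (file name, line number, redacted key) for each probable live key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            if not is_placeholder(match.group(1)):
                findings.append((name, lineno, redact(match.group(0))))
    return findings


# Constructed sample input: none of these values is a real key.
SAMPLE = """\
API_URL=https://api.rivalprice.app/products
RIVALPRICE_KEY=rp_live_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6
DOCS_EXAMPLE=rp_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
HEADER="Authorization: Bearer rp_live_your_api_key_here"
"""

if __name__ == "__main__":
    import sys

    hits = scan_text("config.env", SAMPLE)
    for fname, lineno, key in hits:
        print(f"{fname}:{lineno}: possible RivalPrice API key {key}")
    # A non-zero exit status lets a pre-commit hook or CI job block the change.
    sys.exit(1 if hits else 0)
```

Run over staged files from a pre-commit hook, a finding means the key should be treated as exposed and revoked, not just removed from the file.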

Important Notes

API keys cannot be used to manage other API keys. To create, update, or delete API keys, you must authenticate using Firebase authentication (your account login). This prevents a compromised API key from being used to generate new keys.

The full API key is only shown once. When you create a new API key, make sure to copy and save it securely. You won't be able to view the full key again.

Rate limits apply per API key. Each API key has its own rate limit based on your subscription plan. See the Rate Limits documentation for details.
