Skip to main content
The taap.it API uses API key-based authentication to secure access to your account and resources. All API requests must include a valid API key in the Authorization header.

API Key Overview

API keys provide secure access to your taap.it account and are created through the web application dashboard. Each API key is:
  • User-specific: Tied to your user account
  • Scoped: Can have full access, read-only access, or limited permissions
  • Secure: Prefixed with taapit_ and cryptographically generated

Creating API Keys

1

Access API Settings

Log into your taap.it dashboard and navigate to your user settings.
2

Generate New Key

In the “API Keys” section, click “Create API Key” and provide a descriptive name.
3

Set Permissions

Choose the appropriate permission level for your use case:
  • Full Access: Complete read/write access to all resources
  • Read Only: View-only access to all resources
  • Limited Access: Custom permissions for specific resources
4

Store Securely

Copy the generated API key immediately and store it securely.
API keys are only displayed once during creation. If lost, you’ll need to generate a new key.

Using API Keys

Include your API key in the Authorization header using the Bearer token format: 
Authorization: Bearer taapit_your_api_key_here

Example Requests

curl -X GET 'https://api.taap.it/v1/workspaces' \
  -H 'Authorization: Bearer taapit_abc123def456ghi789' \
  -H 'Content-Type: application/json'

Permission Levels

API keys can have different permission levels that control access to resources:

Full Access

Grants complete read and write access to all resources and endpoints.
  • Use case: Server-to-server integrations, administrative tools
  • Permissions: All read and write operations
  • Security: High - monitor usage carefully

Read Only

Provides view-only access to all resources without modification capabilities.
  • Use case: Analytics dashboards, reporting tools
  • Permissions: GET operations only
  • Security: Medium - data exposure limited to viewing

Limited Access

Custom permissions allow granular control over specific resources and operations.
  • Use case: Third-party integrations with specific needs
  • Permissions: Configurable per resource (domains, links, projects, workspaces, analytics)
  • Security: High - minimal necessary permissions

Security Best Practices

  • Store API keys in environment variables, not in code
  • Use secure key management services for production
  • Never commit API keys to version control
  • Rotate keys regularly for enhanced security
  • Use the principle of least privilege
  • Create separate keys for different environments
  • Monitor API key usage and set up alerts
  • Deactivate unused or compromised keys immediately
  • Always use HTTPS for API requests
  • Implement proper error handling
  • Use IP whitelisting when possible
  • Monitor for suspicious activity

Error Handling

Authentication Errors

{
  "detail": "Invalid API key"
}

Common Authentication Issues

  • Verify the key is copied correctly
  • Check that the key hasn’t been deactivated
  • Ensure you’re using the full key including the taapit_ prefix
  • Check if your API key has the required permissions
  • Verify you’re trying to access resources you own
  • Consider upgrading to a key with full access
  • Monitor your request frequency
  • Implement exponential backoff
  • Check the rate limit headers in responses

Migration Guide

If you’re migrating from another authentication method or upgrading your integration:
1

Create New API Key

Generate a new API key with appropriate permissions for your use case.
2

Test Integration

Update your application to use the new API key and test thoroughly.
3

Deactivate Old Key

Once confirmed working, deactivate any old authentication credentials.

Ready to authenticate?

Follow our quickstart guide to make your first authenticated API call.