Authentication

All API requests require authentication using an API key sent in the Authorization header.

API Keys

API keys are unique to your account and should be kept secure. You can find your API key in your dashboard.

Authentication Header

Include your API key in every request:

Authorization: Bearer YOUR_API_KEY

Example Request

curl -X GET "https://api.binlookupapi.com/v1/414720" \
     -H "Authorization: Bearer sk_live_1234567890abcdef"

Security Best Practices

Keep your API key secure

• Never commit API keys to version control
• Use environment variables to store keys
• Rotate keys periodically
• Use different keys for development and production

Use HTTPS

• All API requests must use HTTPS
• HTTP requests will be rejected

Limit key permissions

• Restrict API keys to specific IP addresses (Enterprise plan)
• Set appropriate rate limits for your use case

Key Types

Test Keys

• Start with sk_test_
• Limited to 100 requests per day
• Use for development and testing

Live Keys

• Start with sk_live_
• Full access based on your plan
• Use in production

Key Rotation

To rotate your API key:

1. Generate a new key in your dashboard
2. Update your application to use the new key
3. Test the new key in production
4. Delete the old key

Error Responses

Invalid or missing authentication will return a 401 error:

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  }
}