Authentication

API Keys

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Getting Your API Key

1. Sign up at TurboAPI
2. Go to API Keys
3. Click "Create New Key"
4. Copy your secret key

Authentication Request

Include your API key in the Authorization header:

curl https://api.turboapi.ai/api/v1/apis \
  -H "Authorization: Bearer YOUR_API_KEY"

Environment Variables

Store your API key securely:

# .env
TURBOAPI_API_KEY=tbp_xxxxxxxxxxxxxxxxxxxxxxxx

Using in Code

import { TurboAPIClient } from '@turboapiai/sdk';

const client = new TurboAPIClient({
  apiKey: process.env.TURBOAPI_API_KEY,
});

from turboapi import TurboAPIClient

client = TurboAPIClient(api_key="YOUR_API_KEY")

import turboapi "github.com/turboapiai/turboapi-sdk-go"

client := turboapi.NewClient("YOUR_API_KEY")

Key Types

Security Best Practices

Never Expose API Keys in Client-Side Code

❌ Incorrect:

// Never do this in frontend code
const client = new TurboAPIClient({
  apiKey: 'tbp-1234567890abcdef', // Exposed key!
});

✅ Correct:

// Use server-side or secure environment only
const client = new TurboAPIClient({
  apiKey: process.env.TURBOAPI_API_KEY,
});

Use Appropriate Permissions

Create API keys with different permissions based on needs:

• Read-only keys for browsing available APIs
• Full access keys for executing API calls

Rotate Keys Regularly

1. Create a new API key in the Dashboard
2. Update your application with the new key
3. Remove the old key

Monitor Usage

Monitor your API usage in the Dashboard to ensure no unusual activity.

Troubleshooting

401 Unauthorized

If you receive a 401 error, check:

• Your API key is correct
• Your API key has not expired
• The Authorization header format is correct

403 Forbidden

If you receive a 403 error, check:

• Your API key has the required permissions
• Your account is in good standing
• You have not exceeded usage limits