Skip to main content

API Authentication

All authenticated API requests require an API key passed in the request headers.

Using API Keys

Include your API key in the X-Api-Key header:

Public Endpoints

Cubes with public access enabled can be accessed without authentication:
Public endpoints only return columns marked as public in the cube settings.

Security Best Practices

  • Store API keys in environment variables, not in source code
  • Use public access for client-side applications
  • Use API keys only in server-side code
  • Rotate keys if you suspect they’ve been compromised