Knips logoKnips API

Authentication

How to authenticate requests to the Knips Public API.

Every request is authenticated using HTTP Basic authentication. Your credentials are a pair: an access key and a secret.

Sending your credentials

Send the access key as the username and the secret as the password:

curl https://api.knips.tech/feeds \
  -u "ACCESS_KEY:SECRET"

That produces the header:

Authorization: Basic <base64("ACCESS_KEY:SECRET")>

Both parts are required — a request missing either is rejected with 401 unauthorized.

Getting credentials

API keys are issued per workspace. When a key is created you receive an access key and a secret (two short, opaque strings). Store both when the key is created, and keep the secret somewhere safe.

A key is scoped to the workspace it belongs to — the data you can reach is the data that workspace can see.

Keep your secret safe

Treat the secret like a password. Never embed it in client-side code, mobile apps, or public repositories — anyone with the pair can act as your workspace.

  • Store credentials in a secret manager or environment variable, never in source control.
  • Rotate a key immediately if you suspect the secret has leaked.
  • Use a separate key per integration so you can revoke one without breaking the others.

Getting started

Make your first call to the Public API.

API basics

Base URL, formats and conventions used across the API.

On this page

Sending your credentialsGetting credentialsKeep your secret safe