Skip to main content
All TapKit API endpoints require authentication. The primary method is API key authentication.

API Key Authentication

Include your API key in the X-API-Key header: 
curl https://api.tapkit.ai/phones \
  -H "X-API-Key: TK_your_api_key_here"

API Key Format

TapKit API keys follow this format: 
TK_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
All keys start with TK_ followed by a random string.

Request Examples

GET Request

curl https://api.tapkit.ai/status \
  -H "X-API-Key: TK_your_api_key"

POST Request

curl -X POST https://api.tapkit.ai/phones/{phone_id}/tap \
  -H "X-API-Key: TK_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"x": 100, "y": 200}'

Error Responses

Invalid API Key

{
  "error": "INVALID_API_KEY",
  "message": "The provided API key is invalid or has been revoked"
}
HTTP Status: 401 Unauthorized

Missing Authentication

{
  "error": "AUTH_REQUIRED",
  "message": "Authentication is required"
}
HTTP Status: 401 Unauthorized

Getting Your API Key

  1. Sign in to the TapKit Dashboard
  2. Navigate to Settings > API Keys
  3. Click Create API Key
  4. Copy and securely store your key

Security Best Practices

Never expose API keys in client-side code, public repositories, or logs.
Store keys in environment variables rather than hardcoding:
export TAPKIT_API_KEY="TK_..."
Create new keys periodically and revoke old ones.
Maintain different keys for development, staging, and production.

Revoking Keys

Revoke compromised keys immediately via the dashboard:
  1. Go to Settings > API Keys
  2. Find the key and click Revoke
  3. Create a new key for your applications
Revoked keys are immediately invalidated.