Skip to main content
TapKit uses API keys to authenticate requests. Each API key is associated with your organization and grants access to all phones registered under your account.

Getting Your API Key

  1. Sign in to the TapKit Dashboard
  2. Navigate to Settings > API Keys
  3. Click Create API Key
  4. Copy your key and store it securely
API keys are sensitive credentials. Never commit them to version control or expose them in client-side code.

Using Your API Key

With the Python SDK

The SDK looks for your API key in this order:
  1. Explicit parameter - Passed directly to the client
  2. Environment variable - TAPKIT_API_KEY
from tapkit import TapKitClient

# Option 1: Pass directly
client = TapKitClient(api_key="your-api-key")

# Option 2: Use environment variable
import os
os.environ["TAPKIT_API_KEY"] = "your-api-key"
client = TapKitClient()  # Reads from TAPKIT_API_KEY

With the REST API

Include your API key in the X-API-Key header: 
curl https://api.tapkit.ai/phones \
  -H "X-API-Key: your-api-key"

API Key Format

TapKit API keys follow this format: 
TK_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Keys always start with TK_ followed by a random string.

Best Practices

Store your API key in an environment variable rather than hardcoding it:
export TAPKIT_API_KEY="TK_your_key_here"
Your code stays clean and your key stays secure:
client = TapKitClient()  # Automatically reads TAPKIT_API_KEY
Create new API keys periodically and revoke old ones. This limits the impact if a key is compromised.
Create separate API keys for development, staging, and production. This makes it easier to revoke access without affecting other environments.

Revoking API Keys

If you believe an API key has been compromised:
  1. Go to the TapKit Dashboard
  2. Navigate to Settings > API Keys
  3. Find the compromised key and click Revoke
  4. Create a new API key and update your applications
Revoked keys are immediately invalidated and cannot be used for any requests.

Error Responses

If authentication fails, you’ll receive a 401 Unauthorized response: 
{
  "error": "INVALID_API_KEY",
  "message": "The provided API key is invalid or has been revoked"
}
Common causes:
  • The API key is incorrect or malformed
  • The API key has been revoked
  • The X-API-Key header is missing