Getting StartedAuthentication
Authentication
Step-by-step guidance for secure Xaqiiji API integration.
API key authentication
Xaqiiji uses API key authentication for server-to-server requests.
Header
Authorization: Bearer xq_test_xxxxxxxxxxxxxxAPI key format
Test
xq_test_
Live
xq_live_
Secret storage
Store keys in environment variables or secure vaults. Never expose live API keys in frontend code.
Key rotation and revocation
Rotate keys regularly, use separate keys per application, revoke unused keys, and monitor API key usage.
Security best practices
Security rules
Never expose live API keys in frontend code
Store keys in environment variables
Rotate keys regularly
Use separate keys per application
Revoke unused keys
Use IP whitelisting for production
Monitor API key usage
Use least privilege access
Never commit API keys to GitHub or expose them in browser applications.
Edit this page
Was this page helpful?