Authentication
Secure your API requests with API keys and secrets
Overview
All Opttab API requests require authentication using an API key and secret. These credentials must be included in your request headers for every API call.
Security Note
Your API secret is shown only once during key creation. Store it securely. API secrets are hashed using SHA-256 in our database.
Authentication Headers
Include these headers in every API request:
X-API-Key: opttab_abc123def456ghi789...
X-API-Secret: your-secret-key-hereAPI Key Format
API Key
Format: opttab_ prefix + 40 random characters
opttab_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
API Secret
64-character random string (SHA-256 hashed in database)
X7y8Z9a0B1c2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R7s8T9u0V1w2X3y4Z5a6B7c8
Generating API Keys
-
1
Login to Dashboard
Sign in to your Opttab account at opttab.com/login
-
2
Navigate to API Settings
Go to Dashboard → API Keys → Generate New Key
-
3
Name Your Key
Give it a descriptive name (e.g., "Production API", "Development Key")
-
4
Save Credentials
Important: Copy both key and secret immediately - secret is only shown once!
Example Requests
cURL
curl "https://opttab.com/api/v1/ai/budget-status" \
-H "X-API-Key: opttab_abc123..." \
-H "X-API-Secret: your-secret-here"Python
import requests
headers = {
"X-API-Key": "opttab_abc123...",
"X-API-Secret": "your-secret-here"
}
response = requests.get(
"https://opttab.com/api/v1/ai/budget-status",
headers=headers
)
if response.status_code == 200:
data = response.json()
print(data)
else:
print(f"Error: {response.status_code}")JavaScript (Node.js)
const axios = require('axios');
const headers = {
'X-API-Key': 'opttab_abc123...',
'X-API-Secret': 'your-secret-here'
};
const response = await axios.get(
'https://opttab.com/api/v1/ai/budget-status',
{ headers }
);
console.log(response.data);PHP
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => 'https://opttab.com/api/v1/ai/budget-status',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => [
'X-API-Key: opttab_abc123...',
'X-API-Secret: your-secret-here'
]
]);
$response = curl_exec($ch);
$data = json_decode($response, true);
curl_close($ch);
print_r($data);Security Best Practices
Use Environment Variables
Store API credentials in environment variables, never in your code:
OPTTAB_API_KEY=opttab_abc123...
Never Commit Credentials
Add your credentials file to .gitignore to prevent accidental commits.
Rotate Keys Regularly
Generate new keys every 6-12 months and set expiration dates for enhanced security.
Use HTTPS Only
Always use HTTPS for API requests. Our API rejects non-HTTPS requests.
Revoke Compromised Keys
If your credentials are exposed, immediately revoke them from your dashboard and generate new ones.
Authentication Errors
401 Unauthorized
Invalid or missing API key/secret. Verify your credentials are correct and included in headers.
403 Forbidden
API key is valid but doesn't have permission for this resource or your account type doesn't allow this action.
Example Implementation
Python SDK Class
import requests
import os
class OpttabClient:
def __init__(self, api_key=None, api_secret=None):
self.api_key = api_key or os.getenv('OPTTAB_API_KEY')
self.api_secret = api_secret or os.getenv('OPTTAB_API_SECRET')
self.base_url = "https://opttab.com/api/v1/ai"
if not self.api_key or not self.api_secret:
raise ValueError("API key and secret are required")
def _make_request(self, method, endpoint, data=None):
url = f"{self.base_url}{endpoint}"
headers = {
"X-API-Key": self.api_key,
"X-API-Secret": self.api_secret,
"Content-Type": "application/json"
}
response = requests.request(method, url, json=data, headers=headers)
if response.status_code == 401:
raise Exception("Authentication failed. Check your API credentials.")
return response.json()
def get_budget_status(self):
return self._make_request('GET', '/budget-status')
def create_content_request(self, request_data):
return self._make_request('POST', '/content-requests', request_data)
# Usage
client = OpttabClient()
status = client.get_budget_status()
print(status)