Authentication
Learn how to authenticate your API requests with Rollyy.
API Keys
Rollyy uses API keys for authentication. Each key is tied to a specific tenant and environment.
Getting Your API Key
- Sign up at rollyy.com/signup
- Navigate to Settings → API Keys
- Click Create API Key
- Copy and securely store your key
warning
Never commit API keys to version control or expose them in client-side code.
Making Authenticated Requests
Include your API key in the X-API-Key header:
curl -H "X-API-Key: your-api-key-here" \
https://api.rollyy.com/v1/places
Python Example
import requests
headers = {
"X-API-Key": "your-api-key-here"
}
response = requests.get(
"https://api.rollyy.com/v1/places",
headers=headers
)
print(response.json())
JavaScript Example
const response = await fetch('https://api.rollyy.com/v1/places', {
headers: {
'X-API-Key': 'your-api-key-here'
}
});
const data = await response.json();
console.log(data);
Environment Variables
Store API keys as environment variables:
# .env
ROLLYY_API_KEY=your-api-key-here
import os
api_key = os.getenv('ROLLYY_API_KEY')
Key Rotation
Rotate keys regularly for security:
- Create a new API key
- Update your applications
- Delete the old key
Permissions
API keys can have different permission levels:
- Read-only - GET requests only
- Read-write - GET, POST, PUT, DELETE
- Admin - Full access including key management
Multi-Tenant Isolation
Each API key is scoped to a single tenant. Data is automatically filtered based on your tenant ID.
Troubleshooting
401 Unauthorized
- Check that your API key is correct
- Verify the key hasn't been deleted or expired
- Ensure the header name is
X-API-Key(case-sensitive)
403 Forbidden
- Your key may not have permission for this operation
- Contact support to upgrade permissions