Xác thực API

Bảo mật yêu cầu API của bạn bằng xác thực

Tổng quan

The Toolify API uses API Key authentication to validate requests. All API requests require an API key to be included in the request headers.

Lấy API Key của bạn

  1. Sign up for a Toolify account or log in to your existing account
  2. Navigate to your API Dashboard at /api/authentication
  3. Your API key will be displayed - copy it and keep it safe
  4. Use this key in all your API requests
Important: Your API key is sensitive information. Never share it publicly or commit it to version control. If you suspect your key has been compromised, regenerate it immediately.

Phương pháp Xác thực

Authentication Methods

Choose one of the following authentication methods:

Include your API key in the X-API-Key header (Recommended):

curl -X GET https://api.toolify.io/api/v1/balance \
  -H "X-API-Key: your_api_key_here" \
  -H "Content-Type: application/json"

Use your API key as a Bearer token in the Authorization header:

curl -X GET https://api.toolify.io/api/v1/balance \
  -H "Authorization: Bearer your_api_key_here" \
  -H "Content-Type: application/json"

Ví dụ Mã

Here are examples of how to authenticate with the Toolify API in different languages:

const fetch = require('node-fetch');

const response = await fetch('https://api.toolify.io/api/v1/balance', {
  method: 'GET',
  headers: {
    'X-API-Key': 'your_api_key_here',
    'Content-Type': 'application/json'
  }
});

const data = await response.json();
console.log(data);
import requests

headers = {
    'X-API-Key': 'your_api_key_here',
    'Content-Type': 'application/json'
}

response = requests.get(
    'https://api.toolify.io/api/v1/balance',
    headers=headers
)

data = response.json()
print(data)
 [
        'method' => 'GET',
        'header' => "X-API-Key: $api_key\r\n" .
                    "Content-Type: application/json\r\n"
    ]
]);

$response = file_get_contents($url, false, $context);
$data = json_decode($response, true);
print_r($data);
?>

Các Thực hành Bảo mật Tốt nhất

  • Never expose your API key in client-side code, public repositories, or logs
  • Use environment variables to store your API key in your application
  • Rotate your API key regularly by regenerating it from your dashboard
  • Monitor API usage for unusual activity that might indicate compromised keys
  • Use HTTPS only for all API requests to encrypt data in transit
  • Implement rate limiting to prevent abuse and brute force attacks

Phạm vi API Key

Your API key grants access to:

  • Checking your account balance
  • Creating and managing tasks (extraction, verification, etc.)
  • Listing your completed tasks
  • Retrieving task results

API keys do not grant access to account settings, billing information, or other user data.

Khắc phục sự cố

401 Unauthorized

This error occurs when your API key is missing, invalid, or expired. Make sure:

  • Your API key is correctly included in the request headers
  • There are no extra spaces or characters in your API key
  • Your key hasn't been revoked or regenerated

403 Forbidden

This error means your API key is valid but doesn't have permission for the requested action. This typically shouldn't happen with standard API keys.

Bước tiếp theo

Now that you understand authentication, explore the full API endpoints reference.

View API Endpoints →