To authenticate requests, you must provide your API key or personal access token as a bearer token in the Authorization header.

"Authorization": "Bearer <API key>"

API keys contain the prefix fqa_live_ and are in the format fqa_live_<alphanumeric>:api_<alphanumeric>.

Note that API keys are scoped to a team, so you will be unable to make requests to /users endpoints. If you would like to access both your user account and any teams you are associated with, use a personal access token.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly-available places such as client-side code or commit them to your repository’s source code. We recommend using a secrets manager such as Doppler or Infisical to store your API keys.

Create and manage API keys

To create or manage your API keys, go to Settings -> Integrations and click on “Settings” under API keys. On the API keys page, you can view and manage your existing API keys or click on “Create API key” on the top right to create a new one.

You can name your API key and optionally add scopes (Read or Write), IP ranges, and expiration dates. Once you create an API key, the key will be copied to your clipboard and you will have the option to download a TXT file with the key. Note that you will not be able to view the key again, so be sure to save it in a secure location. If you lose your key, you can always create a new one by clicking on “Regenerate API key” in the menu.

Authorization errors

If you do not provide a valid API key or personal access token when making a request, you will receive a 401 Unauthorized response. If your API key does not have the necessary scopes to perform an action, you will receive a 403 Forbidden response.