Authentication

The Found Hero API uses API keys to authenticate requests. You can view and manage your API keys in the account settings page.

Each request you make to the API must include the following HTTP header in order to authenticate with Found Hero API:

fh-api-key: {YOUR_API_KEY}

Replace the YOUR_API_KEY with your own API key. All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without the above fh-api-key header will also fail.

Keep Your API Keys Secure

Your API keys carry many privileges, so be sure to keep them secure! Do not share your API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Make sure to familiarize yourself with security best practices around storing and using API keys. Never ever hard-code the API key into source control systems like Git, but extract this information into environment variables instead.

In the event, your API key is compromised, immediately revoke it from your account dashboard and create a new API key.