Authentication

All RapidMule API requests require authentication using your API key. This section covers how to authenticate your requests and security best practices.

API Key Authentication

Include your API key in the Authorization header of every request:

Authorization: Bearer YOUR_API_KEY

Getting Your API Key

Log in to your RapidMule back office
Navigate to the Application Settings section
Copy your API key

Security Notice

Never expose your API key in client-side code or public repositories. Always use server-side applications for API calls.

Example

curl -X POST https://api.rapidmule.com/v1/action/process \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "login",
    "referenceId": "login-001",
    "playerId": "{{playerID}}"
  }'

Security Best Practices

1. Environment Variables

Store your API key in environment variables, never in code:

# .env file
RAPIDMULE_API_KEY=sk_live_1234567890abcdef

2. Scope and Permissions

API keys inherit the permissions of the user who created them. Ensure your API keys have only the necessary permissions for your use case.

Error Responses

Invalid API Key

{
    "code": 4001,
    "data": "Invalid AuthKey"
}

Resolution: Check the auth header.

Origin Mismatch

{
  "code": 4003,
  "data": "AuthKey and request origin mismatch"
}

Resolution: Use correct AuthKey.

API Key Authentication​

Getting Your API Key​

Example​

Security Best Practices​

1. Environment Variables​

2. Scope and Permissions​

Error Responses​

Invalid API Key​

Origin Mismatch​