Authentication

Learn how to authenticate your API requests to ConsentProof.

Overview

ConsentProof uses API key authentication for all API requests. Each request must include your API key and secret in the request headers.

API Key

Public identifier for your application

API Secret

Private key for signing requests

Creating API Keys

To create an API key:

  1. Log in to your ConsentProof dashboard
  2. Navigate to Settings → API Keys
  3. Click Create New Key
  4. Give your key a descriptive name (e.g., "Production Server")
  5. Copy both the API key and secret immediately

Important Security Notice

Your API secret is only shown once when created. Store it securely immediately. If you lose it, you'll need to create a new API key.

Making Authenticated Requests

Authenticate your API requests using your API key and secret in request headers.

Required Headers

Include these headers with every API request:

Header          Description                           Required
X-API-Key       Your API key from the dashboard
X-API-Secret    Your API secret from the dashboard
Content-Type    Must be application/json
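
Authentication example (JavaScript)

const axios = require('axios');

// Placeholder values; in real code, load these from environment variables.
const apiKey = 'cp_live_your_api_key_here';
const apiSecret = 'cs_live_your_api_secret_here';

// Send the key and secret as headers on every request.
axios.get('https://api.consentproof.io/api/v1/policies', {
  headers: {
    'Content-Type': 'application/json',
    'X-API-Key': apiKey,
    'X-API-Secret': apiSecret
  }
})
  .then(res => console.log(res.data))
  // Print the API's error body (401/403) instead of leaving the rejection unhandled.
  .catch(err => console.error(err.response ? err.response.data : err.message));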

Authentication Errors

If authentication fails, you'll receive one of these error responses:

401 Unauthorized

Missing or invalid API key/secret

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API key or secret"
  }
}

403 Forbidden

API key doesn't have permission for this action

{
  "success": false,
  "error": {
    "code": "FORBIDDEN",
    "message": "API key does not have permission for this action"
  }
}

Security Best Practices

  • Use environment variables

    Never hardcode API keys in your source code

  • Rotate keys regularly

    Create new keys and revoke old ones periodically

  • Use separate keys per environment

    Create different keys for development, staging, and production

  • Never expose keys in client-side code

    API calls should always be made from your server
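
The "Use environment variables" practice and the 401/403 error bodies above, combined in one server-side sketch. This is an added example, not ConsentProof's own code: the environment variable names CONSENTPROOF_API_KEY and CONSENTPROOF_API_SECRET and all function names are assumptions, and it uses the global fetch of Node 18+ instead of axios.

```javascript
// Added example. Env var names and function names are assumptions, not ConsentProof's.
function loadCredentials(env = process.env) {
  const apiKey = (env.CONSENTPROOF_API_KEY || '').trim();
  const apiSecret = (env.CONSENTPROOF_API_SECRET || '').trim();
  if (!apiKey || !apiSecret) {
    throw new Error('CONSENTPROOF_API_KEY and CONSENTPROOF_API_SECRET must both be set');
  }
  // Fail fast if the documentation placeholders were copied verbatim.
  if (apiKey.endsWith('_here') || apiSecret.endsWith('_here')) {
    throw new Error('Placeholder credentials detected; use real values from the dashboard');
  }
  return { apiKey, apiSecret };
}

// The three headers the page lists for every request.
function authHeaders({ apiKey, apiSecret }) {
  return {
    'Content-Type': 'application/json',
    'X-API-Key': apiKey,
    'X-API-Secret': apiSecret,
  };
}

// Copy of the headers that is safe to log: the secret never reaches log output.
function redactHeaders(headers) {
  return { ...headers, 'X-API-Secret': '[redacted]' };
}

// Map the page's 401/403 error bodies to an operator action. Neither is worth retrying.
function classifyAuthFailure(status, body) {
  const code = body && body.error && body.error.code;
  if (status === 401 || code === 'UNAUTHORIZED') return 'check-or-rotate-credentials';
  if (status === 403 || code === 'FORBIDDEN') return 'check-key-permissions';
  return null; // not an authentication failure
}

// Server-side call to the endpoint used in the page's example (Node 18+ global fetch).
async function listPolicies(env = process.env) {
  const headers = authHeaders(loadCredentials(env));
  const res = await fetch('https://api.consentproof.io/api/v1/policies', { headers });
  const body = await res.json().catch(() => null);
  const action = classifyAuthFailure(res.status, body);
  if (action) {
    console.error('ConsentProof auth failure', res.status, action, redactHeaders(headers));
    throw new Error(`ConsentProof request rejected (${res.status}): ${action}`);
  }
  return body;
}
```

With separate keys per environment, each deployment sets its own pair of variables and the code stays identical across development, staging, and production.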