Authentication

Authentication

Every request to the FourA API requires authentication. This page explains how to get, use, and manage your API key.

Getting Your API Key

  1. Sign in to the FourA Dashboard
  2. Go to the API Keys page
  3. Click Create Key
  4. Copy the key from the confirmation dialog

Your API key looks like this: pk_live_a1b2c3d4e5f6...

Keys created today are revealable: click the eye icon on the key's row later to bring the full secret back on demand (see Managing API Keys for the reveal flow and permissions). Legacy keys created before reveal shipped can't be brought back and show a lock icon; regenerate them once to switch over.

Using Your API Key

Include your API key in the X-API-Key header of every request:

curl -X POST https://eu.api.foura.ai/api/single/ \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"method": "GET", "url": "https://example.com"}'

In Python:

import requests

response = requests.post(
    "https://eu.api.foura.ai/api/single/",
    headers={
        "X-API-Key": "YOUR_API_KEY",
        "Content-Type": "application/json"
    },
    json={"method": "GET", "url": "https://example.com"}
)

In Node.js:

const response = await fetch('https://eu.api.foura.ai/api/single/', {
  method: 'POST',
  headers: {
    'X-API-Key': 'YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ method: 'GET', url: 'https://example.com' })
});

API Key Security

Treat your API key like a password:

  • Don't commit it to version control. Use environment variables instead.
  • Don't expose it in client-side code. Only use it in server-side applications.
  • Rotate if compromised. Regenerate the key from the Dashboard. The old secret stops working immediately, and every reveal is audit-logged so a stolen credential is easy to spot after the fact.

Using Environment Variables

Store your key in an environment variable:

export FOURA_API_KEY="pk_live_a1b2c3d4e5f6..."

Then reference it in your code:

import os
api_key = os.environ["FOURA_API_KEY"]
const apiKey = process.env.FOURA_API_KEY;

Common Authentication Errors

All authentication failures return a 401 Unauthorized status.

Error Message Cause Fix
401 Missing API key. Include X-API-Key header. No X-API-Key header in the request Add the X-API-Key header
401 Invalid API key Wrong key, extra whitespace, or deactivated key Verify the key, trim whitespace, or create a new key from the Dashboard

Every response, success or failure, carries an X-Foura-Request-Id header. Log it on your side so support can look up a specific call later.

Next Steps

Last updated: July 8, 2026