Authentication
The Passcreator API uses API Keys for authentication that are tied to a specific user account.
API Keys are scoped to your user account permissions, which means that if you only have access to certain templates, you'll only see these templates through the API, even if your customer account contains more. The API Key must be passed in the Authorization HTTP Header.
Obtaining an API Key
To obtain an API Key, follow these steps:
Steps to Create an API Key
- Visit Passcreator and log in.
- Navigate to Integrations → API Keys
Direct links
- Current UI: https://app.passcreator.com/customeruser/apikeys
- New beta UI : https://app.passcreator.com/ui/settings?view=api-keys
- Click the button to create a new API Key
- Enter a friendly name for the key (this helps you remember what you've used the key for)
- Click Create
The system will show you the API key immediately after creation. Due to the nature of how API Keys are stored, this key can't be restored later. If you lose your API Key, you'll need to generate a new one.
Using the API Key
To authenticate and authorize yourself when using the Passcreator API, you need to pass the API Key in the Authorization header of the HTTP request.
Authorization Header
- Name
Authorization- Type
- string
- (mandatory)
- Description
HTTP Header containing your API key. Replace yourApiKeyHere with your actual API key. The API Key should be passed directly in the Authorization header without any prefix like "Bearer".
Example HTTP Authorization Header
Authorization header
Authorization: yourApiKeyHere
Best Practice
We recommend following the principle of least privilege when creating API Keys.
- If you're building an integration that should only have access to a certain pass template, create a service user (a separate login) that is restricted to just that template
- Create an API key for that restricted user instead of using one that has access to all data in your account
- This approach minimizes security risks and provides better access control
Code Examples
The following examples demonstrate how to set the Authorization header in different programming languages. Replace yourApiKeyHere with your actual API key.
Authentication Examples
curl --location --request GET 'https://app.passcreator.com/api/pass/search/ab6427b6-26c9-4184-9e7b-7f2e4b2453ac/searchstring' \
--header 'Authorization: yourApiKeyHere'