Skip to main content
Thiqwave authenticates requests using API keys. You pass your key in the X-API-Key header on every request.

Get your API key

  1. Log in to dashboard.thiqwave.com
  2. Navigate to Settings → API Keys
  3. Click Create New Key
  4. Copy the key and store it somewhere safe — it is only shown once
Never share your API key, hardcode it in source files, or commit it to version control. Treat it with the same care as a password.

Pass the key in requests

Include your API key as the X-API-Key header in every request. 
curl https://api.thiqwave.com/v1/partners/me \
  -H "X-API-Key: YOUR_API_KEY"
Store your key in an environment variable (e.g. THIQWAVE_API_KEY) and read it at runtime. Never hardcode it directly in your application code.

Key rotation

Rotate your API keys regularly to reduce the risk of a compromised credential causing lasting damage. To rotate a key:
  1. Create a new API key in Settings → API Keys
  2. Deploy your application with the new key
  3. Delete the old key once your deployment is confirmed healthy
You can have multiple active API keys simultaneously, so you can rotate without downtime. Use separate keys for development, staging, and production environments.

Rate limits

API keys are subject to per-minute and per-second request limits. See Rate Limits for current limits and best practices for handling 429 responses.

Authentication error codes

StatusMeaning
401Your X-API-Key header is missing or the key value is invalid
403Your key is valid but does not have permission to access this resource
429You have exceeded your rate limit — slow down and retry
If you receive a 401 and you are sure your key is correct, check that there are no extra spaces or newline characters around the key value.