Authentication
Learn how to securely authenticate your requests to the Safaribid API.
Authentication
The Safaribid API uses Bearer Tokens to authenticate requests. You can manage your API keys in the Developer Dashboard.
API Keys
We provide two types of API keys:
- Secret Keys: Used for server-side requests. Keep these keys secure and never expose them in client-side code.
- Publishable Keys: Used for client-side SDKs (e.g., tracking widgets).
Environments
Safaribid provides two distinct environments:
- Sandbox: Used for testing and integration. No real riders will be dispatched.
- Production: Used for live transactions.
| Environment | Key Prefix | Base URL |
|---|---|---|
| Sandbox | sk_test_ | https://sandbox.api.safaribid.com/v1 |
| Production | sk_live_ | https://api.safaribid.com/v1 |
How to Authenticate
Include your secret API key in the Authorization header of all your requests.
Authorization: Bearer YOUR_SECRET_KEYAuthentication Examples
curl -X GET https://api.safaribid.com/v1/account \
-H "Authorization: Bearer sk_live_your_key"const response = await fetch('https://api.safaribid.com/v1/account', {
headers: {
'Authorization': 'Bearer sk_live_your_key'
}
});import requests
headers = {
'Authorization': 'Bearer sk_live_your_key'
}
response = requests.get('https://api.safaribid.com/v1/account', headers=headers)Security Best Practices
- Never share your secret keys: If a key is compromised, revoke it immediately in the dashboard.
- Use Environment Variables: Store your keys in
.envfiles or secure vault systems. - Restrict IP Addresses: You can whitelist specific IP addresses for your API keys in the dashboard for added security.
- Monitor Usage: Regularly check your API logs for any suspicious activity.
Rate Limiting
To ensure platform stability, we enforce rate limits on all API keys:
- Sandbox: 10 requests per second.
- Production: 50 requests per second (can be increased for enterprise partners).
If you exceed these limits, the API will return a 429 Too Many Requests error.