Authentication

Send your key in the x-api-key header (format: whet_<uuid>)
Store keys in environment variables! Please don’t hardcode.

Name keys by purpose e.g. WHETDATA_REVIEW_NUDGES

CORS

If you call the API from your own backend, you generally don’t need to change CORS. If you proxy requests through your server, set appropriate CORS headers on your server’s responses:

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type, x-api-key

Avoid calling our API directly from client-side code. Keep your x-api-key on the server and forward requests through your backend.

Reporting

Found a security issue? Email contact@whetdata.com with steps to reproduce. Please avoid sharing sensitive details publicly.

Getting started

Reference

Actions

Security

Authentication

CORS

Reporting

Getting started

Reference

Actions

​Authentication

​CORS

​Reporting

Authentication

CORS

Reporting