Authentication

Whetdata supports API key authentication.

API Key Authentication

Send your key in the x-api-key header (format: whet_<uuid>)
Store keys in environment variables! Please don’t hardcode.

Name keys by purpose e.g. WHETDATA_REVIEW_NUDGES

CORS

If you call the API from your own backend, you generally don’t need to change CORS. If you proxy requests through your server, set appropriate CORS headers on your server’s responses:

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type, x-api-key

Avoid calling our API directly from client-side code. Keep your x-api-key on the server and forward requests through your backend.

Reporting

Found a security issue? Email [email protected] with steps to reproduce. Please avoid sharing sensitive details publicly.

Getting started

Reference

Actions

Security

Authentication

API Key Authentication

CORS

Reporting

Getting started

Reference

Actions

​Authentication

​API Key Authentication

​CORS

​Reporting

Authentication

API Key Authentication

CORS

Reporting