The Dotfile API uses API keys to authenticate requests. The API key must be passed in the X-DOTFILE-API-KEY HTTP header of your API calls. Do not share your API key in publicly accessible areas, such as repositories (GitHub, GitLab), client-side code, and so forth.

All API requests must be made over HTTPS. API requests made over plain HTTP will fail. API requests without authentication will also fail.

Generate an API key

The API key is workspace-wide and you can generate it in workspace settings > API keys. You need to be an admin of the workspace to generate API keys.

We recommend generating one API key per environment you use (dev, staging, production) to improve security.


Security concerns

Once you have created the API key, save it in safe storage (password manager, secret manager): we hash and encrypt it, so if you lose it you will have to generate a new one.
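
The sketch below is an added example, not code from Dotfile: it loads a per-environment key from the process environment, refuses non-HTTPS URLs, and sets the X-DOTFILE-API-KEY header. The environment variable names, the placeholder URL and the sample key are assumptions made for illustration.

```python
import os
import urllib.request
from urllib.parse import urlsplit

API_KEY_HEADER = "X-DOTFILE-API-KEY"  # header name given on this page

# Assumption: hypothetical variable names, one key per environment,
# injected at runtime by a secret manager rather than stored in code.
ENV_VAR_BY_ENVIRONMENT = {
    "dev": "DOTFILE_API_KEY_DEV",
    "staging": "DOTFILE_API_KEY_STAGING",
    "production": "DOTFILE_API_KEY_PRODUCTION",
}

def load_api_key(environment, environ=os.environ):
    """Return the key for one environment; fail loudly if it is missing."""
    if environment not in ENV_VAR_BY_ENVIRONMENT:
        raise ValueError(f"unknown environment: {environment!r}")
    var = ENV_VAR_BY_ENVIRONMENT[environment]
    key = environ.get(var, "").strip()
    if not key:
        raise RuntimeError(f"{var} is not set")
    return key

def build_request(url, api_key, method="GET"):
    """Build an authenticated request; reject anything that is not HTTPS
    so the key is never placed on a cleartext connection."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("API requests must use https://")
    if "\r" in api_key or "\n" in api_key:
        raise ValueError("API key contains line breaks")
    req = urllib.request.Request(url, method=method)
    # urllib stores the name as "X-dotfile-api-key"; header names are
    # case-insensitive on the wire.
    req.add_header(API_KEY_HEADER, api_key)
    return req

def redact(api_key):
    """Form that is safe to log: only the last four characters."""
    return "****" + api_key[-4:] if len(api_key) > 8 else "****"

if __name__ == "__main__":
    # Constructed sample key and placeholder URL (not a real endpoint).
    env = {"DOTFILE_API_KEY_STAGING": "constructed-key-0001"}
    key = load_api_key("staging", env)
    req = build_request("https://api.example.invalid/placeholder", key)
    print(req.get_method(), req.full_url, redact(key))
```

Pass the returned object to urllib.request.urlopen to send it; the example itself makes no network call.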