Authentication

API Keys

What is an API Key?

An API Key is a unique identifier that acts like a password for your application. It’s a long string of characters that you include with every request to prove your identity.

Think of it like a VIP pass at an event - you show your pass (API key) at the door (with each API request), and the security guard (our servers) checks if it’s valid and what areas you’re allowed to access.

Getting and managing API Keys

To request an API key for your application:

  1. Go to https://www.fanvue.com/api-keys
  2. Click New API key
  3. To revoke your key click the bin icon in the table
API Keys

API Key Limitations and Scopes

One API Key Per User Each user can only have one active API key at a time. If you need a new API key, your existing one will be replaced.

Fixed Scopes Every API key comes with a specific set of scopes - these determine which resources and actions your application can access. Scopes define permissions like reading user data, accessing chat features, or managing creator content.

Scopes Cannot Be Changed Once an API key is issued with specific scopes, those permissions cannot be modified. If you need access to different resources or additional permissions, you’ll need to request a new API key with the appropriate scopes from your Fanvue representative.

Keeping Your API Keys Secure

Your API key is like a password - it gives access to your account and data. Here’s how to keep it safe:

Never Share Your Keys

  • Don’t include API keys in emails, chat messages, or documentation
  • Don’t share keys with team members who don’t need API access
  • Use environment variables instead of hardcoding keys in your application

Avoid Public Exposure

  • Never commit API keys to public GitHub repositories or version control
  • Don’t include keys in client-side code (websites, mobile apps) where users can see them
  • Be careful when sharing code snippets or asking for help online

Use Environment Variables Store your API key in environment variables rather than directly in your code:

$# In your .env file
>FANVUE_API_KEY=your_api_key_here

Monitor Usage

  • Regularly check your API usage to spot any unexpected activity
  • Contact us immediately if you suspect your key has been compromised

Making Requests with Your API Key

To authenticate your requests, include your API key in the X-Fanvue-API-Key header:

Example Request

$curl -X GET "https://api.fanvue.com/users/me" \
>  -H "X-Fanvue-API-Key: your_api_key_here" \
>  -H "Content-Type: application/json"
1// Using fetch in JavaScript
2const response = await fetch("https://api.fanvue.com/users/me", {
3  headers: {
4    "X-Fanvue-API-Key": process.env.FANVUE_API_KEY,
5    "Content-Type": "application/json",
6  },
7});
8
9const data = await response.json();
1# Using requests in Python
2import requests
3import os
4
5headers = {
6    'X-Fanvue-API-Key': os.getenv('FANVUE_API_KEY'),
7    'Content-Type': 'application/json'
8}
9
10response = requests.get('https://api.fanvue.com/users/me', headers=headers)
11data = response.json()

Important Notes:

  • Always include the X-Fanvue-API-Key header in every request
  • Use HTTPS only - never send API keys over unencrypted connections
  • Store your API key securely using environment variables or secure configuration management