1. X-JoJAPI-Key Header
Send your API key via the customX-JoJAPI-Key HTTP header.
Example:
2. Authorization Header
Pass your API key directly through theAuthorization header without any prefix.
Example:
3. Bearer Token
Use theAuthorization header with the Bearer scheme followed by your API key.
Example:
4. Basic Token
Send your API key using HTTP Basic Authentication. TheAuthorization header should contain the word Basic, followed by a base64-encoded string of apikey:apikey.
Example:
Note:
To encode:
echo -n "YOUR_API_KEY:YOUR_API_KEY" | base64
Restricting a Key to Specific APIs
By default, an API key works on every API you are subscribed to. You can limit a key to a specific set of APIs from Workspace → API Keys: click API access on a key, turn off Access to all APIs, and tick the APIs the key is allowed to call. When a key is restricted, the gateway rejects any request it makes to an API outside its allowed list with a403 response. This is useful for separating environments, sharing a narrowly-scoped key with a teammate, or limiting exposure if a key is ever leaked. You can change a key’s access — or return it to all APIs — at any time.
📌 Notes:
- Replace
YOUR_API_KEYwith your actual API key.
