Skip to main content
JoJ API Keys provide secure access to APIs listed on the JoJ API Marketplace, allowing you to integrate these APIs into your software and applications. You can manage your API keys — including creating new keys, deleting existing ones, restricting a key to specific APIs, or assigning custom names for easier organization. JoJ API supports multiple authentication methods using your API keys. Below are the available options, along with brief explanations and usage examples:

1. X-JoJAPI-Key Header

Send your API key via the custom X-JoJAPI-Key HTTP header. Example:
X-JoJAPI-Key: YOUR_API_KEY

2. Authorization Header

Pass your API key directly through the Authorization header without any prefix. Example:
Authorization: YOUR_API_KEY

3. Bearer Token

Use the Authorization header with the Bearer scheme followed by your API key. Example:
Authorization: Bearer YOUR_API_KEY

4. Basic Token

Send your API key using HTTP Basic Authentication. The Authorization header should contain the word Basic, followed by a base64-encoded string of apikey:apikey. Example:
Authorization: Basic BASE64_ENCODED_APIKEY
Note:
To encode:
echo -n "YOUR_API_KEY:YOUR_API_KEY" | base64

Restricting a Key to Specific APIs

By default, an API key works on every API you are subscribed to. You can limit a key to a specific set of APIs from Workspace → API Keys: click API access on a key, turn off Access to all APIs, and tick the APIs the key is allowed to call. When a key is restricted, the gateway rejects any request it makes to an API outside its allowed list with a 403 response. This is useful for separating environments, sharing a narrowly-scoped key with a teammate, or limiting exposure if a key is ever leaked. You can change a key’s access — or return it to all APIs — at any time.

📌 Notes:

  • Replace YOUR_API_KEY with your actual API key.