Legiti uses API keys to authenticate and authorize requests. You will receive two API keys from the Legiti Team:
The one that starts with lv_ (backend) and appid_live_ (frontend) is to be used in production
The one that starts with sbx_ and appid_sandbox (frontend) should be used during testing
Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
To prevent our models from training on developer-generated data instead of production data, please use the Sandbox API key for all development and testing. The Sandbox API key will also be provided to you by Legiti.
This is the API key that starts with sandbox_
Authorization with Legiti's REST API
Any time you make a request to one of Legiti's REST endpoints (for collection or evaluation), you must send this API key in a request header in the following format (OAuth 2.0):
Authorization: Bearer <yourJWT-formatAPIkeyhere>
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
Please remember to use the Sandbox API key when testing (the one that starts with sbx_ for backend and appid_sandbox for frontend).
Authorization with Frontend SDKs
You will use the same API key for authenticating the frontend SDKs. You will only need to provide the API key once, however, during SDK initialization. Read more in Collection SDK setup. (Note: please remember to use your Sandbox API key when testing your integration with the collection SDKs as well.)