API Key Authentication
API keys are used for all programmatic access to the OMOPHub API. They provide:- Long-lived access: No expiration for continuous integration
- Granular permissions: Control access to specific resources
- Usage tracking: Monitor API consumption per key
- Multiple keys: Create keys for different environments
API Key Types
Personal API Keys
Personal API Keys
Individual developer keys
- Tied to your user account
- Inherit your account permissions
- Usage counts toward personal quota
- Can be revoked anytime
Team API Keys
Team API Keys
Shared keys for team collaboration (Coming Soon)
- Associated with team/organization
- Shared usage limits
- Role-based access control
- Audit logging per team member
Authentication Flow
API Authentication Flow
API Key Security
-
Environment Variables: Store keys in environment variables
- Key Rotation: Regularly rotate keys (every 90 days recommended)
- Separate Environments: Use different keys for dev/staging/production
- Monitor Usage: Check API key usage regularly for anomalies
Authentication Headers
API Key Authentication
Include your API key in the Authorization header:Troubleshooting
API Key Not Working
API Key Not Working
- Check the key hasn’t been revoked
- Verify you’re using the correct environment
- Confirm proper Authorization header format
Rate Limit Exceeded
Rate Limit Exceeded
- Check X-RateLimit headers in responses
- Implement exponential backoff
- Consider upgrading your plan
- Use caching to reduce requests