Authentication

NotiGrid uses API keys to authenticate requests. Your API keys carry many privileges, so be sure to keep them secure.

API Keys

Creating API Keys

1. Log in to your NotiGrid Dashboard
2. Navigate to Settings → API Keys
3. Click Create API Key
4. Choose a name and select permissions:
   • Read Only - View notifications and settings
   • Write - Send notifications
   • Full Access - All operations including deletion
5. Click Create
6. Copy the key immediately - it won't be shown again

Using API Keys

Include your API key in the Authorization header of all API requests:

curl https://api.notigrid.com/v1/notifications \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

API Key Best Practices

1. Never commit keys to version control

   • Use environment variables
   • Add .env to .gitignore

2. Use different keys for different environments

   • Development key for testing
   • Production key for live traffic

3. Rotate keys regularly

   • Rotate every 90 days
   • Immediately rotate if compromised

4. Use minimal permissions

   • Create read-only keys for monitoring
   • Limit write keys to specific services

5. Monitor key usage

   • Review API logs regularly
   • Set up alerts for unusual activity

Environment Variables

Store API keys securely using environment variables:

Node.js

// .env
NOTIGRID_API_KEY=your_api_key_here

// app.js
require('dotenv').config();
const apiKey = process.env.NOTIGRID_API_KEY;

Python

# .env
NOTIGRID_API_KEY=your_api_key_here

# app.py
import os
from dotenv import load_dotenv

load_dotenv()
api_key = os.getenv('NOTIGRID_API_KEY')

PHP

// .env
NOTIGRID_API_KEY=your_api_key_here

// app.php
$apiKey = getenv('NOTIGRID_API_KEY');

Organization ID

In addition to your API key, you'll need your Organization ID for some requests:

curl https://api.notigrid.com/v1/templates \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Organization-ID: YOUR_ORG_ID"

Find your Organization ID in Dashboard → Settings → Organization.

OAuth 2.0 (Coming Soon)

OAuth 2.0 authentication will be available for third-party integrations. This allows users to grant limited access to their NotiGrid account without sharing API keys.

Security

HTTPS Only

All API requests must use HTTPS. Requests over HTTP will be rejected.

Rate Limiting

API keys are subject to rate limits based on your plan:

• Free: 100 requests/minute
• Starter: 1,000 requests/minute
• Pro: 10,000 requests/minute
• Enterprise: Custom limits

See Rate Limits for details.

IP Whitelisting

Enterprise plans can restrict API access to specific IP addresses:

1. Go to Settings → API Keys
2. Click on your API key
3. Add allowed IP addresses
4. Save changes

Webhook Signing

Webhooks are signed with your webhook secret to verify authenticity. See Webhooks for details.

Troubleshooting

401 Unauthorized

Cause: Missing or invalid API key

Solution:

• Check that you're including the Authorization header
• Verify the key is correct (no extra spaces)
• Ensure the key hasn't been deleted or rotated

403 Forbidden

Cause: Insufficient permissions

Solution:

• Check the key has the required permissions
• Verify you're accessing the correct organization
• Contact support if you believe this is an error

429 Too Many Requests

Cause: Rate limit exceeded

Solution:

• Implement exponential backoff
• Reduce request frequency
• Upgrade to a higher plan for more capacity

API Key Management

Rotating Keys

To rotate an API key without downtime:

1. Create a new API key
2. Update your application to use the new key
3. Monitor for 24 hours to ensure all services updated
4. Delete the old key

Deleting Keys

Deleted keys are immediately invalidated and cannot be recovered. All requests using the deleted key will fail.

To delete a key:

1. Go to Settings → API Keys
2. Click the Delete button next to the key
3. Confirm deletion

Support

If you suspect your API key has been compromised:

1. Immediately delete the compromised key
2. Create a new key
3. Contact support: security@notigrid.com