Learn how to securely authenticate with the Squad Golf API, manage your API keys, and understand rate limits.
For production use
sk_live_abc123...For development and testing
sk_test_def456...Tip: Test keys return realistic mock data and don't count toward your rate limits. Use them during development to avoid accidentally hitting your limits.
Pass your API key in the Authorization header
curl -H "Authorization: Bearer sk_live_abc123..." https://api.squad.golf/api/v1/tournamentsPass your API key in a custom X-API-Key header
curl -H "X-API-Key: sk_live_abc123..." https://api.squad.golf/api/v1/tournaments// Using environment variables (recommended)
const { SquadGolfClient } = require('@squad-golf/api-client');
const client = new SquadGolfClient({
apiKey: process.env.SQUAD_GOLF_API_KEY // Load from environment
});
// Alternative: Direct HTTP with fetch
const response = await fetch('https://api.squad.golf/api/v1/tournaments', {
headers: {
'Authorization': `Bearer ${process.env.SQUAD_GOLF_API_KEY}`,
'Content-Type': 'application/json'
}
});Rate Limiting: When you exceed your rate limit, the API will return a 429 status code. The response includes headers indicating when you can make your next request.
Never hardcode API keys in your source code. Use environment variables or secure key management systems.
Store your API key in environment variables and load them at runtime.
Generate new API keys periodically and deactivate old ones.
Keep track of your API usage and set up alerts for unusual activity.
Never expose API keys in client-side JavaScript or mobile apps.
Always use HTTPS when making API requests to protect your keys in transit.