The Fungies API uses API keys to authenticate requests. Every request must include valid authentication headers.
Getting Your API Keys
You can create and manage your API keys in the Fungies Dashboard.
You’ll receive two types of keys:
| Key Type | Prefix | Purpose |
|---|
| Public Key | pub_ | Required for all API requests |
| Secret Key | sec_ | Required for write operations (POST, PATCH, DELETE) |
# Required for all requests
x-fngs-public-key: pub_your_public_key_here
# Required for write operations
x-fngs-secret-key: sec_your_secret_key_here
Example Request
Here’s an example of a properly authenticated request:
curl -X GET "https://api.fungies.io/v0/products" \
-H "x-fngs-public-key: pub_your_public_key" \
-H "x-fngs-secret-key: sec_your_secret_key"
Security Best Practices
Your API keys grant access to your Fungies account. Keep them secure and never expose them publicly.
- Never commit keys to version control - Use environment variables instead
- Don’t expose keys in client-side code - Secret keys should only be used server-side
- Rotate keys regularly - Generate new keys periodically and revoke old ones
- Use separate keys for different environments - Keep production and development keys separate
HTTPS Required
All API requests must be made over HTTPS. Requests made over plain HTTP will be rejected.
Error Responses
If authentication fails, you’ll receive one of these responses:
| Status Code | Meaning |
|---|
401 Unauthorized | Missing or invalid API key |
403 Forbidden | Valid key but insufficient permissions |
