The Tupel API uses HTTP Basic Auth to secure all requests. Every API request must include authentication credentials: a username (your Organization’s UID) and a password (your API key).
API Keys
You can manage your API keys through your Tupel dashboard. You can generate any number of keys and remove them as needed.
Authentication Method
For all API requests, use Basic Authentication with:
- Username: Your Organization's UID
- Password: Your API Key
All requests must be made over HTTPS. Requests over plain HTTP or without proper authentication will fail with a 401 Unauthorized response.
You can find both your API Keys and Organization UID in your dashboard. Read our help center article to learn more.
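The scheme above as a client-side sketch, added here as an illustration and not taken from Tupel's own code or SDK: it builds the Basic Auth header from the Organization UID and API key, reads both from the environment instead of hard-coding them, and refuses to attach credentials to anything but an HTTPS URL. The environment variable names, the sample values and the api.example.invalid host are assumptions, since the page does not specify them.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit

# Hypothetical environment variable names; the page does not define any.
ENV_UID = "TUPEL_ORG_UID"
ENV_KEY = "TUPEL_API_KEY"


def basic_auth_header(org_uid: str, api_key: str) -> str:
    """Build the Authorization header value for HTTP Basic Auth (RFC 7617)."""
    if not org_uid or not api_key:
        raise ValueError("both Organization UID and API key are required")
    if ":" in org_uid:
        # RFC 7617: the user-id must not contain a colon, because the
        # server splits the decoded value on the first colon.
        raise ValueError("Organization UID must not contain ':'")
    token = base64.b64encode(f"{org_uid}:{api_key}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def build_request(url: str, env=os.environ) -> urllib.request.Request:
    """Return a Request carrying credentials, refusing non-HTTPS URLs."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        # Never put credentials on the wire in cleartext.
        raise ValueError("refusing to send credentials to a non-HTTPS URL")
    if parts.username or parts.password:
        # Credentials embedded in URLs leak into logs and shell history.
        raise ValueError("do not embed credentials in the URL")
    try:
        header = basic_auth_header(env[ENV_UID], env[ENV_KEY])
    except KeyError as missing:
        raise RuntimeError(f"environment variable {missing} is not set") from None
    return urllib.request.Request(url, headers={"Authorization": header})


if __name__ == "__main__":
    # Constructed sample values and a placeholder host, not real Tupel data.
    sample_env = {ENV_UID: "org_123", ENV_KEY: "sk_test_example"}
    req = build_request("https://api.example.invalid/v1/ping", env=sample_env)
    print(req.full_url, req.get_header("Authorization")[:6] + "...")
```

Passing the returned Request to urllib.request.urlopen sends it; the check runs before any network call, so a mistyped http:// URL never carries the key.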
Security Best Practices
- Keep your API keys secure and never share them in publicly accessible areas
- Do not expose API keys in client-side code
- Use test keys for development and integration
- Rotate your API keys periodically to minimize security risks
- Use key expiration settings for temporary access needs
If you need to restrict API access to specific IP ranges, please contact support@tupel.com to discuss IP whitelisting options.
Token Expiration
API keys do not expire by default. You can set custom expiration periods for keys through your dashboard, or contact support to establish organization-wide key rotation policies.