What is an API key ?

When your application must be authenticated on the Toornament API, it'll use an API key. It represents some kind of login/password but designed for computer software. As for humans, an application only has a single API key, so keep it safe.

To obtain a valid key, you must simply create an application. After registering your application, you will find the API key on the profile of your application.

Note: This key should normally never change unless there is an abusive use or a security issue. In both cases, if an API key is revoked, you will be able find a new one on the profile of your application.

Authenticate using an API key

Since the API key functions like a login/password for your application, it'll be used to authenticate your application on the Toornament API. However, since a REST API is stateless, it'll not preserve any state between calls. Therefore, you need to authenticate your application on each call. This can be performed by using one of the two methods:

  • Adding the "X-Api-Key" HTTP header
  • Adding an "api_key" URL query parameter (dev only)

The HTTP header is strongly suggested for production environment because it is safer. It avoids leaking the key when an URL is copy-pasted or leaving the key visible in server logs. However, we also provide the query parameter method to facilitate your application's development.

HTTP header

GET /endpoint HTTP/1.1
Host: api.toornament.com
X-Api-Key: {api-key}

In case of abusive use or security issues, the API key may be revoked. In such case, a new API key will be generated and made available on the profile of your application.

URL query parameter (dev only)