API Authentication
The Website Categorization API uses API keys for authentication. Every request must include your API key in the Authorization header using the Bearer token scheme. This ensures secure access to the API while allowing you to track usage and manage access credentials.
Getting Your API Key
After creating your account, you can access your API key from the dashboard:
- Log in to your account at the dashboard
- Navigate to the API Keys section
- Copy your API key (starts with "wca_")
Making Authenticated Requests
Include your API key in the Authorization header of every request:
curl -X GET "https://api.websitecategorizationapi.com/v1/categorize?domain=example.com" \
  -H "Authorization: Bearer YOUR_API_KEY"
Example in different languages:
Python
import requests

headers = {
    "Authorization": "Bearer YOUR_API_KEY"
}
response = requests.get(
    "https://api.websitecategorizationapi.com/v1/categorize?domain=example.com",
    headers=headers
)
JavaScript
const response = await fetch(
  "https://api.websitecategorizationapi.com/v1/categorize?domain=example.com",
  {
    headers: {
      "Authorization": "Bearer YOUR_API_KEY"
    }
  }
);
Security Warning
Never expose your API key in client-side code, version control, or public repositories. API keys provide full access to your account and usage quota. Treat them like passwords.
Authentication Errors
The API returns specific error codes for authentication issues:
// 401 Unauthorized - Invalid or missing API key
{
  "error": "unauthorized",
  "message": "Invalid API key provided"
}

// 403 Forbidden - API key lacks required permissions
{
  "error": "forbidden",
  "message": "Your plan does not include access to this endpoint"
}
Security Best Practices
Use Environment Variables
Store your API key in environment variables rather than hardcoding it in your application:
# Set environment variable (shell)
export WCA_API_KEY="your_api_key_here"

# Access in Python
import os
api_key = os.environ.get("WCA_API_KEY")

// Access in Node.js
const apiKey = process.env.WCA_API_KEY;
Rotate Keys Regularly
Generate new API keys periodically and revoke old ones. This limits the impact if a key is compromised. You can generate new keys from your dashboard without service interruption.
Use Separate Keys per Environment
Create separate API keys for development, staging, and production environments. This allows you to track usage by environment and revoke individual keys if needed.
Server-Side Only
Make API calls from your server, never directly from client-side JavaScript. If you need client-side functionality, create a proxy endpoint on your server that handles authentication.
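A sketch of such a proxy endpoint, added here as an example and not taken from the API's own documentation or SDK. The `/categorize` route, port 8080, the hostname pattern, and the choice to collapse upstream errors into a generic 502 are all assumptions.

```python
import json
import os
import re
from urllib import error, parse, request
from http.server import BaseHTTPRequestHandler, HTTPServer

UPSTREAM = "https://api.websitecategorizationapi.com/v1/categorize"
# Conservative hostname pattern (assumption: the page does not define valid input).
DOMAIN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def load_api_key(env=os.environ):
    """Fail closed if the key is missing or lacks the documented wca_ prefix."""
    key = env.get("WCA_API_KEY", "")
    if not key.startswith("wca_"):
        raise RuntimeError("WCA_API_KEY is not set or is malformed")
    return key

def build_upstream_request(domain, api_key):
    """Return an authenticated request, or None when the client input is rejected."""
    domain = (domain or "").strip().lower()
    if not DOMAIN_RE.fullmatch(domain):
        return None
    url = UPSTREAM + "?" + parse.urlencode({"domain": domain})
    return request.Request(url, headers={"Authorization": "Bearer " + api_key})

class ProxyHandler(BaseHTTPRequestHandler):
    api_key = None  # set once at startup, never sent to the client

    def do_GET(self):  # hypothetical route: GET /categorize?domain=example.com
        parsed = parse.urlparse(self.path)
        query = parse.parse_qs(parsed.query)
        req = build_upstream_request(query.get("domain", [""])[0], self.api_key)
        if parsed.path != "/categorize" or req is None:
            return self._send(400, {"error": "bad_request"})
        try:
            with request.urlopen(req, timeout=10) as upstream:
                return self._send(200, json.load(upstream))
        except (error.URLError, ValueError):
            # Do not relay upstream 401/403 bodies; they describe the server's key.
            return self._send(502, {"error": "upstream_error"})

    def _send(self, status, payload):
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(payload).encode())

if __name__ == "__main__":
    ProxyHandler.api_key = load_api_key()
    HTTPServer(("127.0.0.1", 8080), ProxyHandler).serve_forever()
```

Put this behind your application's own session check and rate limiting; an unauthenticated proxy lets anyone who can reach it spend your quota even though the key itself stays hidden.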
Monitor for Anomalies
Review your API usage regularly for unusual patterns that might indicate a compromised key. Set up usage alerts in your dashboard to be notified of unexpected spikes.