API Key Authentication

API Key Authentication is an alternative to HTTP Basic Authentication that improves authentication security by avoiding the use of the user's credentials. Instead, a randomly generated unique key, called the API Key, is used. This key does not contain any sensitive data, so it may be stored at a third-party location.

As with HTTP Basic Authentication, the API Key has to be provided with every request in the Authorization header.

Authorization: "apiKey {put-API-key-here}"

Replace {put-API-key-here} with your generated API Key. Example:

Authorization: "apiKey HT5tI2DfA9TviUmPwzw8eePVW0zgMvfUyHwEQn5iiHmIT7BAjSKEAlopnqCXKhgcXsjTgcZbg4KeaZyGytTVL"

Types

There are two types of API Key:

  • user key, which the current user generates for himself. This key only authenticates the user. Requests that access company resources require Company identification.
  • user-and-company key, which the current user generates for any user and the current company. This key authenticates the user and includes company identification. Additional Company identification in the request is not allowed.

 

Example

POST https://api.profit365.eu/1.6/sales/invoices

ClientID: b2c1cf42-a574-4785-a5c6-064b8a8c487e
ClientSecret: sc1vcOTTFLuqjFa5u08UKtKaWl48XSqlm8jMQvrnXnuPvRjqTPgIDI6P1YcR  
Authorization: apikey HT5tI2DfA9TviUmPwzw8eePVW0zgMvfUyHwEQn5iiHmIT7BAjSKEAlopnqCXKhgcXsjTgcZbg4KeaZyGytTVL 
Content-Type: application/json

{ "some": "postData" }
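The request above, built from client code, as an added example that is not part of the Profit365 documentation. It assumes a user-and-company key (so no additional Company identification is sent), follows the header form of the example request, and reads the key, ClientID and ClientSecret from environment variables whose names are invented here; the helper names are also this example's own.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Environment variable names are assumptions made for this example.
REQUIRED = ("PROFIT365_API_KEY", "PROFIT365_CLIENT_ID", "PROFIT365_CLIENT_SECRET")
SECRET_HEADERS = {"authorization", "clientsecret"}


def build_request(url, payload, env=os.environ):
    """Build (but do not send) a POST request authenticated with an API Key."""
    import json
    if urlsplit(url).scheme != "https":
        # The key authenticates the user: never send it over plain HTTP.
        raise ValueError("refusing to send an API Key over a non-HTTPS URL")
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise KeyError("missing environment variables: " + ", ".join(missing))
    api_key, client_id, client_secret = (env[name].strip() for name in REQUIRED)
    if any(c.isspace() for c in api_key):
        raise ValueError("API Key must not contain whitespace")
    headers = {
        "ClientID": client_id,
        "ClientSecret": client_secret,
        "Authorization": "apikey " + api_key,
        "Content-Type": "application/json",
    }
    body = json.dumps(payload).encode("utf-8")
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def redacted_headers(request):
    """Return the request headers with secret values masked, safe for logs."""
    return {
        name: "***" if name.lower() in SECRET_HEADERS else value
        for name, value in request.header_items()
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = dict(zip(REQUIRED, ("EXAMPLE-KEY", "EXAMPLE-ID", "EXAMPLE-SECRET")))
    url = "https://api.profit365.eu/1.6/sales/invoices"
    req = build_request(url, {"some": "postData"}, sample_env)
    print(req.get_method(), req.full_url, redacted_headers(req))
    # Sending is left to the caller: urllib.request.urlopen(req, timeout=10)
```

urllib normalizes header names to forms such as `Clientid`; HTTP header names are case-insensitive, so the request is equivalent to the one shown above.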

Configuration

  • Expiration. By default, an API Key does not expire. An optional expiry date may be set.
  • IP Address. Access for an API Key may be granted only from a single IP address or a range of IP addresses.

You can manage API Keys with this resource.