TextWatermark Logo TextWatermark.
Login Sign Up

Authentication

Access to the TextWatermark API is authenticated using API Keys. This ensures that only authorized users and applications can interact with your watermarking resources.

1. Obtaining Your API Key

To use the TextWatermark API, you'll need an API Key. You can obtain your API Key from your account dashboard after creating an account.

  • If you don't have an account yet, please sign up here.
  • Once registered and logged in, navigate to the API section of your dashboard to find your unique API Key.

2. Using Your API Key

All API requests must include your API Key in the Authorization header, using the Bearer token scheme.

Format the header as follows, replacing YOUR_API_KEY with the actual API Key from your dashboard:

Authorization: Bearer YOUR_API_KEY

For example, a cURL request would look like this:

curl -X POST https://api.textwatermark.com/api/v1/encode \
     -H "Authorization: Bearer YOUR_API_KEY" \
     -H "Content-Type: application/json" \
     -d '{"original_text": "Hello world", "payload": "secret_info"}'

3. API Key Security Best Practices

Your API Key grants access to your TextWatermark resources. Treat it like a password and keep it secure. Here are some best practices:

  • Keep it Confidential: Do not share your API Key in publicly accessible areas such as GitHub repositories, client-side code, or public forums.
  • Server-Side Storage: Store and use your API Key on your server. Avoid embedding it directly in client-side applications (e.g., JavaScript in a web browser).
  • Use Environment Variables: For server-side applications, store your API Key in an environment variable. This prevents it from being hardcoded into your application source code. 
    # Example for a .env file or server environment
TEXTWATERMARK_API_KEY="YOUR_API_KEY"
    // Example in Node.js
const apiKey = process.env.TEXTWATERMARK_API_KEY;
  • Client-Side Proxy: If you need to make API calls from a client-side application, consider routing them through your own backend server which can then securely add the API Key to the request.
  • Key Rotation: (If applicable based on your account features) Periodically regenerate your API Key from your account dashboard, especially if you suspect it might have been compromised.
  • Monitor Usage: (If applicable based on your account features) Keep an eye on your API usage through your dashboard to detect any unauthorized activity.
  • If Compromised: If you believe your API Key has been compromised, regenerate it immediately from your TextWatermark dashboard to invalidate the old key.

4. Troubleshooting Authentication Errors

If you encounter issues with authentication, you might receive one of the following HTTP status codes:

  • 401 Unauthorized: This typically means your API Key is missing, invalid, or expired. Double-check that you are including the Authorization header correctly and that the key is accurate.
  • 403 Forbidden: This error indicates that your API Key is valid, but it does not have the necessary permissions for the requested operation or resource. This could also be due to rate limits or other account-specific restrictions.

For a more detailed list of error codes and their meanings, please refer to our Error Handling documentation.