Authentication¶
~3 min read · Getting started
Every request is authenticated with an API key, sent as a bearer token.
- Send it on both endpoints (
POSTandGET). - A missing or invalid key returns
401 Unauthorized; a key without permission for the action returns403 Forbidden.
Getting a key¶
API keys are issued by DDS Wireless. To get one for evaluation or production, contact your DDS Wireless representative or reach out via the Scheduled Routes API page. You'll receive a key scoped to your account.
Trying it in these docs
The API reference has a Try it out console. Click Authorize, paste your own key, and calls run against the production server under your account. See Testing and access.
Keeping your key safe¶
Treat your key like a password
- Never commit it to source control, embed it in client-side/browser code, or share it in a public forum.
- Keep it server-side; inject it from an environment variable or secret store.
- If a key is exposed, contact DDS Wireless to rotate it.
- Don't send confidential or personal data in requests you don't need to.
Related: Quickstart · Testing and access · Status codes