API Authentication
Secure your mock APIs with API key authentication using the x-api-key header. Control access and protect sensitive mock endpoints.
How It Works
API authentication uses the same API keys created for MCP integration:
Team API Keys
Use existing API keys from your team settings
Per-API Control
Enable authentication independently for each mock API
Selective Access
Choose which API keys can access each mock API
Standard Headers
Uses industry-standard x-api-key header format
Setup Process
Follow these steps to enable authentication for your mock API
Configuration Steps
Create API Keys
Go to Team Settings → API Keys and create one or more API keys
Enable Authentication
In your API settings, enable "Require x-api-key header"
Select Allowed Keys
Choose which API keys should have access to this specific API
Save Settings
Click "Save Settings" to apply authentication requirements
Usage Examples
How to make authenticated requests to your protected mock APIs
cURL Example
# Without authentication (will fail if required)
curl https://your-api.dotmock.com/endpoint
# With x-api-key header (authenticated)
curl -H "x-api-key: mck_your_api_key_here" \
https://your-api.dotmock.com/endpoint
# POST request with authentication
curl -X POST \
-H "x-api-key: mck_your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"name": "example"}' \
https://your-api.dotmock.com/endpointJavaScript Example
// Using fetch with x-api-key header
const response = await fetch('https://your-api.dotmock.com/endpoint', {
headers: {
'x-api-key': 'mck_your_api_key_here',
'Content-Type': 'application/json'
}
});
// Using axios with default headers
const axios = require('axios');
axios.defaults.headers.common['x-api-key'] = 'mck_your_api_key_here';
const response = await axios.get('https://your-api.dotmock.com/endpoint');Python Example
import requests
# Single request with authentication
response = requests.get(
'https://your-api.dotmock.com/endpoint',
headers={'x-api-key': 'mck_your_api_key_here'}
)
# Using requests Session for multiple calls
session = requests.Session()
session.headers.update({'x-api-key': 'mck_your_api_key_here'})
response = session.get('https://your-api.dotmock.com/endpoint')Authentication Error Responses
Understanding what happens when authentication fails
Missing API Key (401)
{
"success": false,
"error": "AUTHENTICATION_REQUIRED",
"message": "This API requires authentication. Please provide a valid x-api-key header.",
"status": 401,
"statusText": "Unauthorized"
}Invalid API Key (403)
{
"success": false,
"error": "INVALID_API_KEY",
"message": "The provided API key is not valid for this API.",
"status": 403,
"statusText": "Forbidden"
}Security Best Practices
Rotate API keys regularly - Create new keys and delete old ones periodically
Use environment variables - Never hardcode API keys in your source code
Limit key permissions - Only grant access to APIs that need it
Monitor usage - Check the "Last Used" timestamps in your API key settings
Common Use Cases
When to use API authentication with your mock APIs
Internal Testing
Protect mock APIs used for internal development and testing environments
Partner Access
Share specific mock APIs with partners while controlling access
Staging Environments
Secure staging mock APIs to prevent unauthorized access
Sensitive Data
Protect mock APIs containing sensitive or confidential data structures
Quick Setup Guide
- Navigate to your API's overview page
- Click "Show Settings" to expand the settings panel
- In the Authentication section, toggle "Require x-api-key header"
- Use the dropdown to select which API keys can access this API
- Click "Save Settings" to apply the changes
- Test your authenticated endpoints using the x-api-key header
- • If you get 401 errors, ensure the x-api-key header is included in your requests
- • If you get 403 errors, check that the API key is in the allowed keys list
- • API keys must be active and not expired
- • Header name is case-sensitive: use "x-api-key" (lowercase)