← Back to Documentation
Server-Side API Keys
Understanding authentication and secure API key usage.
Start API Access — $49/mo
Bearer Token Authentication
AXIMUR uses Bearer token authentication. Include your API key in the Authorization header:
Authorization: Bearer YOUR_API_KEY
Security Warning: API keys must be kept server-side only.
Server-Side Only
API keys must never be exposed in:
- Browser JavaScript or frontend code
- Mobile applications (iOS, Android)
- Public repositories or version control
- Client-side configuration files
- Browser developer tools or console logs
Secure Storage
Store API keys securely using:
- Environment variables (recommended for development)
- Secrets managers (AWS Secrets Manager, HashiCorp Vault, etc.)
- CI/CD secrets (GitHub Actions secrets, GitLab CI variables)
- Encrypted configuration files
API Key Delivery
After purchase, API keys are delivered via email to the address used during checkout. This is a manual delivery process within 24 hours of purchase.
Important: There is no self-serve API key portal. Keys are delivered manually to prevent abuse and ensure proper onboarding.
Best Practices
- Rotate keys periodically — If you suspect exposure, contact support for key rotation
- Use different keys per environment — Development, staging, production should have separate keys
- Monitor usage — Check for unusual API usage patterns
- Never log keys — Ensure API keys are not included in application logs
- Revoke if compromised — Immediately contact support if a key is exposed
Example: Environment Variables
# .env file (never commit this)
AXIMUR_API_KEY=sk_live_abc123...
# In your application
import os
api_key = os.environ['AXIMUR_API_KEY']
Example: Secrets Manager
# Using AWS Secrets Manager (pseudo-code)
secret = get_secret('aximur-api-key')
api_key = secret['api_key']
What Happens If My Key Is Exposed?
If your API key is accidentally exposed in logs, code, or repositories:
- Contact support immediately at contact@aximur.com
- Request key revocation and replacement
- Review API usage for unauthorized activity
- Rotate any other keys that may have been exposed
Learn More
Start API Access — $49/mo
← Back to Documentation