Documentation | KhaleejiAPI

Authentication

Learn how to authenticate your API requests to KhaleejiAPI securely.

API Keys

KhaleejiAPI uses API keys to authenticate requests. You can view and manage your API keys in your dashboard.

Getting your API key

Sign up for a free account at khaleejiapi.dev/signup
Navigate to the API Keys section in your dashboard
Click "Create new key" and give it a descriptive name
Copy your API key and store it securely

Keep your API keys secure! Do not expose them in client-side code, public repositories, or share them with others. Treat them like passwords.

Authentication Methods

There are two ways to authenticate your API requests:

Recommended

API Key Header

Pass your API key in the x-api-key header. This is the most secure and recommended method.

bash

curl -X GET "https://khaleejiapi.dev/api/v1/ip/lookup?ip=8.8.8.8" \
  -H "x-api-key: YOUR_API_KEY"

Query Parameter

Alternatively, pass your API key as a query parameter. This method is less secure as the key may appear in server logs and browser history.

bash

curl -X GET "https://khaleejiapi.dev/api/v1/ip/lookup?ip=8.8.8.8&api_key=YOUR_API_KEY"

Using SDKs

Our official SDKs handle authentication automatically. Simply initialize the client with your API key:

JavaScript / TypeScript

javascript

import { KhaleejiAPI } from '@khaleejiapi/sdk';
 
// Initialize with your API key
const client = new KhaleejiAPI('your_api_key');
 
// All subsequent requests are automatically authenticated
const result = await client.ip.lookup('8.8.8.8');

Python

python

from khaleejiapi import KhaleejiAPI
 
# Initialize with your API key
client = KhaleejiAPI('your_api_key')
 
# All subsequent requests are automatically authenticated
result = client.ip.lookup('8.8.8.8')

Best Practices

Use Environment Variables

Store your API key in environment variables instead of hardcoding it.

bash

# .env.local
KHALEEJI_API_KEY=your_api_key_here
 
# Then in your code:
const client = new KhaleejiAPI(process.env.KHALEEJI_API_KEY);

Use Different Keys for Each Environment

Create separate API keys for development, staging, and production environments.

Rotate Keys Regularly

Periodically rotate your API keys, especially if you suspect they may have been compromised.

Use Server-Side Requests

Make API calls from your backend server, not directly from client-side code.

Authentication Errors

Status Code	Error	Description
`401`	unauthorized	No API key provided or invalid key
`403`	forbidden	API key doesn't have access to this resource
`429`	rate_limited	Too many requests. Check rate limits.