Guide
Onboarding Friction Points: First API Call Fix Guide
This page summarizes the most common onboarding blockers from the User Onboarding & First-Call Friction Audit (T-281), and the exact fixes that get first calls working quickly.
1) Use the correct authentication header
KhaleejiAPI expects the API key in the Authorization header using the Authorization: Bearer <key> format. This is the documented default for all new integrations. A legacy x-api-keyfallback may still work for older clients, but it should not be used in new code.
bash
# ❌ Wrong (raw key)Authorization: YOUR_API_KEY # ⚠ Legacy compatibility noteOlder clients may still send the x-api-key header, but new integrations should not use it. # ✅ CorrectAuthorization: Bearer <key> 2) Call the correct endpoint path
Public REST APIs are under /api/v1. Bare /v1 paths are invalid and return 404.
bash
# ❌ Wrong path (returns 404)https://khaleejiapi.dev/v1/email/validate # ✅ Correct pathhttps://khaleejiapi.dev/api/v1/email/validate3) Known-good first call
If your integration is new, run this exact request first. It confirms auth + path + response format before adding SDK abstractions.
bash
curl -X GET "https://khaleejiapi.dev/api/v1/email/[email protected]" \ -H "Authorization: Bearer <key>" \ -H "Content-Type: application/json"Common first-call issues and fixes
- 401 Unauthorized: key sent as raw value or in
x-api-keyinstead ofAuthorization: Bearer <key>. - 404 Not Found: using
/v1/...instead of/api/v1/.... - Unexpected validation errors: missing required query/body fields from the endpoint docs.
- Browser/CORS failures: call KhaleejiAPI from your backend, not directly from frontend code.
First-call verification checklist:
- Use Authorization header exactly as: Authorization: Bearer <key>
- Use /api/v1/... endpoint paths (not /v1/...)
- Send query/body fields expected by the endpoint docs
- Keep key server-side and never expose it in browser code