API Key Authentication
All Partner API requests require authentication using an API key passed in the X-API-Key header.
X-API-Key: your_partner_api_key
Making authenticated requests
Include your API key in the X-API-Key header of every request:
curl https://api.bipa.tech/partner/v1/events \
-H "X-API-Key: your_partner_api_key" \
-H "Content-Type: application/json"
Obtaining API keys
Partner API keys are provisioned by Bipa during the partner onboarding process. Contact your Bipa representative to obtain your API key.
Each partner organization receives a unique API key. Keep your key secure and never share it publicly.
Security best practices
Use environment variables
Store API keys in environment variables, not in code:
export BIPA_PARTNER_API_KEY=your_partner_api_key
const apiKey = process.env.BIPA_PARTNER_API_KEY;
Never expose keys in client-side code
Partner API keys should only be used in server-to-server communications. Never include them in frontend applications or mobile apps.
Rotate keys if compromised
If you suspect your API key has been compromised, contact Bipa immediately to revoke the key and obtain a new one.
