Start

Authentication

Authenticate server-side requests with an Embodin API key and keep credentials out of client applications.

API keys

Every request must include a bearer token in the Authorization header. Keep production keys in a secret manager or encrypted environment variable.

.env

EMBODIN_API_URL=https://api.embodin.example/v1
EMBODIN_API_KEY=ov_live_...

Send the authorization header

Node.js

const response = await fetch(`${process.env.EMBODIN_API_URL}/search`, {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${process.env.EMBODIN_API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    query: 'active construction permits',
    area: 'Toronto, Canada',
  }),
});

Protect your credentials

Never expose a secret key in browser JavaScript, mobile bundles, or public repositories.
Use separate keys for development and production environments.
Rotate a key immediately if it is exposed and update all dependent services.

The example API hostname is a placeholder. Use the base URL and credentials supplied with your Embodin account.