Back to Guides
10 min read

Authentication

Learn how to authenticate API requests using API keys and manage access securely.

API Key Authentication

All API requests must include your API key in the Authorization header. CoverKit uses Bearer token authentication.

curl https://api.coverkit.io/v1/quotes \
  -H "Authorization: Bearer sk_live_your_api_key" \
  -H "Content-Type: application/json"

API Key Types

Sandbox Keys

Prefix: sk_sandbox_

  • For development and testing
  • No real transactions processed
  • Simulated responses

Production Keys

Prefix: sk_live_

  • For production environment
  • Real transactions processed
  • Full audit logging

SDK Authentication

When using our SDKs, pass your API key during initialization:

JavaScript/TypeScript
import { CoverKit } from '@coverkit/sdk';

const coverkit = new CoverKit({
  apiKey: process.env.COVERKIT_API_KEY,
});
Python
from coverkit import CoverKit

client = CoverKit(api_key=os.environ['COVERKIT_API_KEY'])

Security Best Practices

  • Never expose API keys in client-side code
  • Use environment variables for key storage
  • Rotate keys regularly
  • Use separate keys for development and production
  • Monitor API key usage in the dashboard

Key Rotation

You can rotate your API keys at any time from the dashboard. When you rotate a key:

  1. A new key is generated immediately
  2. The old key remains valid for 24 hours
  3. Update your application with the new key
  4. The old key is automatically revoked after 24 hours

Next Steps

Creating Quotes

Generate real-time insurance quotes

Error Handling

Handle authentication errors gracefully