API

Authentication

Learn how to authenticate your API requests using API keys.

API Keys

The Pixelbase API uses API keys to authenticate requests. You can view and manage your API keys in the Dashboard under the API page.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Note: You must be an administrator within your organization to manage API keys.

Authenticated Requests

Include the following headers in your API requests:

X-API-KeySet a valid API key for authentication. If you have admin access within your organization, go to the API Keys page to manage API keys.

X-Organization-IDThe ID associated with the organization that the API key belongs to. The organization ID can be found here.

GETExample request

curl

curl https://www.pxb.app/api/public/v1/test-api-key \
  -H "X-API-Key: your_api_key_here" \
  -H "X-Organization-ID: your_organization_id_here"

200Example response

json

{
  "message": "API key is valid",
  "content": {
    "id": "e9b1f3a7-2c4e-4b3a-bb6f-1e2d3c4a5b6f",
    "name": "Production",
    "keyPrefix": "pxb_abc12345",
    "createdAt": "2026-04-12T10:24:31.000Z",
    "expiresAt": null,
    "lastUsedAt": "2026-05-09T18:02:14.000Z"
  }
}

Security Best Practices

Keep your API keys secret. Never expose them in client-side code, public repositories, or logs.
Use environment variables. Store API keys in environment variables rather than hardcoding them.
Rotate keys regularly. Create new API keys periodically and revoke old ones.
Use separate keys for different environments. Have distinct keys for development, staging, and production.

Tip: pair your X-API-Key with a least-privilege role.