Authentication

API keys

The Kublau API uses API keys to authenticate requests. You can view and manage your API keys in the Kublau Dashboard.

Kublau authenticates your API requests using your workspace’s API keys. If you do not include your key when making an API request, or use one that is incorrect or outdated, Kublau returns an error.

Every workspace is provided with separate keys for testing and for running live transactions. All API requests exist in either test or live mode, and objects—customers, trackers, shipments, and so forth—in one mode cannot be manipulated by objects in the other.

API keys should be kept confidential and only stored on your own servers. Your account’s secret API key can perform any API request to Kublau without restriction.

Obtaining your API keys

Your API keys are available in the Dashboard. These keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via bearer tokens. Provide your API key prefixed by Bearer as the value of the Authentication header in all GraphQL queries and mutations.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Query the API

You can access the API endpoint using cURL or any other HTTP client. For the following examples, make sure to replace <ACCESS_TOKEN> with the token you generated in the Authentication section.

curl

To make a query to the API using curl, send a POST request with your query as the JSON payload.

GRAPHQL_TOKEN=<ACCESS_TOKEN>
curl "https://api.kublau.com/graphql" --header "Authorization: Bearer $GRAPHQL_TOKEN" --header "Content-Type: application/json" --request POST --data "{\"query\": \"query {workspace {name}}\"}"