Skip to main content

API Key Format

GTMAPIs uses API keys for authentication. All API requests must include your API key in the X-API-Key header.

Key Types

gtm_test_1234567890abcdef1234567890abcdef
  • Test keys (gtm_test_*) - For development and testing
  • Live keys (gtm_live_*) - For production use
Never commit API keys to version control or expose them in client-side code. Store them as environment variables.

Making Authenticated Requests

Include your API key in the X-API-Key header with every request: 
curl -X POST https://api.gtmapis.com/v1/validate \
  -H "Content-Type: application/json" \
  -H "X-API-Key: gtm_test_your_key_here" \
  -d '{"email":"test@example.com"}'

Generating API Keys

1

Login to Dashboard

Go to gtmapis.vercel.app/dashboard
2

Navigate to API Keys

Click on API Keys in the sidebar
3

Create New Key

Click Generate New Key and choose test or live mode
4

Save Your Key

Copy the full key immediately - it’s only shown once!
API keys are stored as SHA-256 hashes for security. You’ll only see the full key once during creation.

API Key Security

Best Practices

Do:
  • Store API keys as environment variables
  • Use test keys for development
  • Rotate keys regularly
  • Use separate keys for different environments
  • Revoke compromised keys immediately
Don’t:
  • Commit keys to version control
  • Share keys in public forums or Slack
  • Use live keys in development
  • Expose keys in client-side JavaScript
  • Hardcode keys in your source code

Key Storage Example

# Store in .env file (never commit this!)
GTMAPIS_API_KEY=gtm_test_your_key_here

Rate Limits

Each API key has a rate limit of 1000 requests per minute. If you exceed this limit, you’ll receive a 429 Too Many Requests response: 
{
  "error": "Rate limit exceeded",
  "message": "You have exceeded the rate limit of 1000 requests per minute",
  "retry_after": 60
}
For higher rate limits, contact us at matt@closedwonleads.com

Error Responses

Invalid API Key

{
  "error": "Unauthorized",
  "message": "Invalid API key"
}

Missing API Key

{
  "error": "Unauthorized",
  "message": "X-API-Key header is required"
}

Expired or Revoked Key

{
  "error": "Unauthorized",
  "message": "API key has been revoked"
}

Next Steps

Make Your First Request

Try the API with your new key

API Reference

Explore all available endpoints