Authentication
Learn how to authenticate your API requests with katsau.
API Key Format
katsau uses API keys to authenticate requests. Your API key carries many privileges, so keep it secure.
Production
ks_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxUse in production environments
Test
ks_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxUse for development and testing
Authentication Methods
You can authenticate using any of the following methods:
Recommended
Authorization Header (Bearer Token)
GET /v1/extract?url=https://example.com HTTP/1.1
Host: api.katsau.com
Authorization: Bearer ks_live_your_api_keyX-API-Key Header
GET /v1/extract?url=https://example.com HTTP/1.1
Host: api.katsau.com
X-API-Key: ks_live_your_api_keyLess Secure
Query Parameter
GET /v1/extract?url=https://example.com&api_key=ks_live_your_api_key HTTP/1.1
Host: api.katsau.comQuery parameters may be logged by servers. Use header authentication when possible.
Code Examples
// Using fetch
const response = await fetch('https://api.katsau.com/v1/extract?url=https://example.com', {
headers: {
'Authorization': 'Bearer ks_live_your_api_key',
'Content-Type': 'application/json'
}
});
// Using katsau SDK
import { katsau } from 'katsau';
const client = new katsau('ks_live_your_api_key');
const data = await client.extract('https://example.com');Security Best Practices
Never expose keys in client-side code
Make API calls from your backend server
Use environment variables
Store keys in .env files, never commit to git
Rotate keys regularly
Generate new keys periodically and revoke old ones
Use separate keys for test and production
ks_test_* for development, ks_live_* for production
Authentication Errors
If authentication fails, you'll receive a 401 Unauthorized response:
{
"success": false,
"error": {
"code": "INVALID_API_KEY",
"message": "The API key provided is invalid or expired",
"docs_url": "https://docs.katsau.com/errors/INVALID_API_KEY"
}
}