Getting Started
Authentication
The Decode Hash API uses API keys to authenticate requests. Include your key in every request to identify your account and track usage.
API Keys
You can obtain your API key from the Decode Hash Dashboard. Each key is tied to your account and plan, determining your rate limits and monthly quota.
Important: Keep your API keys secure. Do not embed them in client-side code, commit them to public repositories, or store them anywhere that unauthorized users could access.
Authentication Header
Include your API key in the X-API-Key header of every request:
Authenticated Request
curl -X POST https://api.decode.cowdi.co/v1/lookup \
-H "Content-Type: application/json" \
-H "X-API-Key: sk_live_your_api_key_here" \
-d '{"hash": "9a880505fc5c..."}'

If you make a request without a valid API key, or with an expired or revoked key, you will receive a 401 Unauthorized response:
Response: 401 Unauthorized
{
"error": {
"code": "invalid_api_key",
"message": "The API key provided is invalid or has been revoked."
}
}

Security Best Practices
1. Store API keys in environment variables, never in source code.
2. Rotate your keys periodically from the dashboard.
3. Set up IP allowlists if your requests come from known server IPs.
4. Use separate API keys for different applications or environments.
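
A Python client that applies the first practice to the request shown earlier, added here as an example and not code from the Decode Hash project. It reads the key from an environment variable, sends it in the X-API-Key header, and turns the documented 401 body into an exception that carries only the key prefix. The variable name DECODE_HASH_API_KEY and the treatment of success responses as JSON are assumptions.

```python
import json
import os
import urllib.error
import urllib.request

API_URL = "https://api.decode.cowdi.co/v1/lookup"  # endpoint from the curl example
KEY_ENV_VAR = "DECODE_HASH_API_KEY"  # assumed name; the API does not define one


class InvalidApiKey(Exception):
    """The API answered 401 with the documented error body."""


def load_api_key(environ=os.environ):
    """Read the key from the environment and fail closed if it is missing."""
    key = environ.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    return key


def build_request(hash_value, key):
    """POST request carrying the key in the X-API-Key header."""
    body = json.dumps({"hash": hash_value}).encode()
    headers = {"Content-Type": "application/json", "X-API-Key": key}
    return urllib.request.Request(API_URL, data=body, headers=headers, method="POST")


def check_response(status, body, key):
    """Raise on the documented 401 body; otherwise return the parsed JSON."""
    payload = json.loads(body)
    if status == 401:
        err = payload.get("error", {})
        # Include only the key prefix so the full secret never reaches logs.
        raise InvalidApiKey(f"{err.get('code')}: {err.get('message')} (key {key[:8]}...)")
    return payload  # assumption: success responses are JSON


def lookup(hash_value, environ=os.environ):
    """Send one lookup; needs network access and a valid key."""
    key = load_api_key(environ)
    try:
        with urllib.request.urlopen(build_request(hash_value, key), timeout=10) as resp:
            return check_response(resp.status, resp.read(), key)
    except urllib.error.HTTPError as exc:  # urllib raises on 4xx/5xx
        if exc.code != 401:
            raise  # only the 401 body is documented on this page
        return check_response(exc.code, exc.read(), key)
```

Using a different environment value per deployment also covers the fourth practice: the key prefix in the exception shows which application's key was rejected without revealing the secret.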