API Authentication

IMPORTANT: Your API key is the password to access your AppFolio® data - it is your responsibility to keep it safe.
It should never be used in a place where somebody else may find it. Do NOT use your Skywalk API key in frontend web applications or store your API key in an insecure manner.

Authentication

We require authentication to use all aspects of the API. In order to authenticate, you must provide a valid API Key in the X-API-Key request header with every request.

You can create and decommission API keys from the Skywalk API Dashboard.

Authentication HTTP Request Header

X-API-Key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNlNWY5YmEwLWQ1NTgtNGEzNy1iNTkzLWRjZmMzNWY3ZjZiYSJ9.9d75_5d98k8VP_97tYLwvG-2YOOcm9uYBzQtZgEx6M4

Example cURL Request

$ curl https://api.skywalkapi.com/v1  
  -H "X-API-Key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNlNWY5YmEwLWQ1NTgtNGEzNy1iNTkzLWRjZmMzNWY3ZjZiYSJ9.9d75_5d98k8VP_97tYLwvG-2YOOcm9uYBzQtZgEx6M4" 

Limiting Access

Projects can have multiple API keys. Keys have permissions designed to limit access for different integrations. Depending on your plan, keys may be configured for read-only vs. read and write access. Keys may also restrict access to specified endpoints.

Security

API Keys allow access to your data. They should be handled only by trusted parties in private contexts. Do not check them into code bases or use in front-end contexts such as browsers. Always keep them private.

Authentication​

Limiting Access​

Security​

Authentication

Limiting Access

Security