
API Authentication

IMPORTANT: Your API key is the password to access your AppFolio® data - it is your responsibility to keep it safe.

It should never be used in a place where somebody else may find it. Do NOT use your Skywalk API key in frontend web applications or store your API key in an insecure manner.

Authentication

We require authentication to use all aspects of the API. In order to authenticate, you must provide a valid API Key in the X-API-Key request header with every request.

You can create and decommission API keys from the Skywalk API Dashboard.

Authentication HTTP Request Header
X-API-Key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNlNWY5YmEwLWQ1NTgtNGEzNy1iNTkzLWRjZmMzNWY3ZjZiYSJ9.9d75_5d98k8VP_97tYLwvG-2YOOcm9uYBzQtZgEx6M4
Example cURL Request
$ curl https://api.skywalkapi.com/v1 \
    -H "X-API-Key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNlNWY5YmEwLWQ1NTgtNGEzNy1iNTkzLWRjZmMzNWY3ZjZiYSJ9.9d75_5d98k8VP_97tYLwvG-2YOOcm9uYBzQtZgEx6M4"

Limiting Access

Projects can have multiple API keys. Keys have permissions designed to limit access for different integrations. Depending on your plan, keys may be configured for read-only vs. read and write access. Keys may also restrict access to specified endpoints.

Security

API Keys allow access to your data. They should be handled only by trusted parties in private contexts. Do not check them into code bases or use them in front-end contexts such as browsers. Always keep them private.
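
One way to enforce the "do not check them into code bases" rule is a pre-commit style check, shown here as an added example that is not part of the Skywalk documentation or tooling. It assumes real keys have the same three-segment shape as the sample key above; the `SKYWALK_API_KEY` environment variable name and the sample key and source text are constructed for illustration.

```python
import base64
import json
import re

# Assumption: real keys share the shape of the sample key on this page:
# three dot-separated base64url segments, the first two decoding to JSON.
KEY_SHAPE = re.compile(r"eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}")


def _is_json_object(segment):
    """True if a base64url segment decodes to a JSON object."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        return isinstance(json.loads(base64.urlsafe_b64decode(padded)), dict)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False


def find_hardcoded_keys(text):
    """Return (line_number, redacted_key) for each key-shaped literal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_SHAPE.finditer(line):
            token = match.group(0)
            header, payload, _signature = token.split(".")
            if _is_json_object(header) and _is_json_object(payload):
                # Redact so the scanner never copies the secret into CI logs.
                findings.append((lineno, token[:6] + "..." + token[-4:]))
    return findings


def auth_headers(environ):
    """Build the X-API-Key header from the environment, not from source."""
    key = environ.get("SKYWALK_API_KEY", "").strip()  # hypothetical name
    if not key:
        raise RuntimeError("SKYWALK_API_KEY is not set")
    return {"X-API-Key": key}


def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample: a fake key and a source file that hard-codes it.
SAMPLE_KEY = ".".join([_b64({"alg": "HS256", "typ": "JWT"}),
                       _b64({"id": "constructed-example"}),
                       "c2lnbmF0dXJlLXBsYWNlaG9sZGVy"])
SAMPLE_SOURCE = 'import os\nAPI_KEY = "%s"\nkey = os.environ["SKYWALK_API_KEY"]\n' % SAMPLE_KEY
```

Run `find_hardcoded_keys` over each staged file and fail the commit when it returns anything; server-side code then obtains its header from `auth_headers(os.environ)`.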