csv-api
Log in Sign up
Back to Features
Feature

API Key Authentication

Bearer-token auth with per-plan rate limits, built in.

Generate API keys from the dashboard and use them to authenticate every request. Pass them via the Authorization header or as a query parameter — your call.

What it does

API Key Authentication is the security layer in front of every csv-api dataset. Each account can mint multiple API keys from the dashboard. Keys are stored as SHA-256 hashes — we never keep the raw key after creation, so even we can't read it. Authenticate by sending Authorization: Bearer YOUR_KEY on each request, or by passing ?api_key=YOUR_KEY as a query parameter when a header isn't convenient. Every request is rate-limited based on your subscription tier.

How it works

  1. 1

    Create a key

    Open the Account page and click 'Generate API key.' Copy the key immediately — we hash it server-side and the raw value disappears the moment you navigate away.

  2. 2

    Authenticate your request

    Send the key as a Bearer token in the Authorization header, or as an api_key query parameter. Both work on every endpoint.

  3. 3

    Stay within your rate limit

    Each plan has its own per-hour request quota. Rate-limit headers in every response tell you exactly where you stand.

  4. 4

    Rotate or revoke anytime

    Compromised key? Delete it from the dashboard and the next request fails. Generate a fresh one and you're back.

See it in action

bash 
# Header-based auth (recommended)
curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://csv-api.com/api/v1/datasets/d_a8f3bc91/records"

# Query parameter auth (handy for browser fetches)
curl "https://csv-api.com/api/v1/datasets/d_a8f3bc91/records?api_key=YOUR_API_KEY"

Why it matters

  • Production-grade security from day one

    SHA-256 hashed at rest, HTTPS in transit, revocable on demand. The same defaults you'd build by hand, included.

  • Multiple keys per account

    Use one key per environment (dev, staging, production) or per integration so you can rotate without breaking everything at once.

  • Rate limiting included

    No need to bolt on a rate limiter — every plan tier ships with its own per-hour ceiling and the response headers to back it up.

The problem it solves

Rolling your own API key system is a small project on its own — generation, hashing, rotation, rate limiting, audit. csv-api includes all of it so you can ship the actual feature you sat down to build.

Common use cases

  • Securing data behind a key so only your apps can fetch it

  • Issuing one key per integration so you can rotate independently

  • Throttling abuse with built-in rate limits instead of writing your own

  • Building authenticated mobile and SPA clients without an OAuth dance

Try API Key Authentication for yourself

Create a free csv-api account, upload a file, and see your API live in under a minute.

Create your free account All features

Related features

CORS Support

Fetch directly from the browser. No proxy required.

Instant CSV to REST API

Upload a file. Get an API. Done.

Shared Data Views

Public, read-only pages for any dataset. With your branding.

We use essential cookies to keep you logged in. No tracking or analytics. Privacy policy