Skip to main content

What is an API Key?

An API key is a unique identifier used to authenticate your requests to the Loops API. It acts like a password and should be kept secure at all times.

Getting Your API Key

Step 1: Access Your Dashboard

  1. Log in to your Loops Dashboard
  2. Navigate to SettingsAPI Keys

Step 2: Create or Copy Your Key

  • If you don’t have an API key yet, click Create API Key
  • If you already have one, click the Copy button next to your key
  • You can create multiple API keys for different environments (development, production, etc.)
Best Practice: Create separate API keys for development and production environments. This makes it easier to rotate keys without affecting your live application.

Using Your API Key

Authentication Method

All API requests must include your API key in the Authorization header using Bearer authentication: 
Authorization: Bearer your_api_key_here

Example Requests

curl https://api.loops.fi/api/v2/checkout/sessions \
  -H "Authorization: Bearer your_api_key_here" \
  -H "Content-Type: application/json"

Security Best Practices

Never expose your API key in client-side code, public repositories, or logs!

1. Use Environment Variables

Always store your API key in environment variables, not in your code: 
LOOPS_API_KEY=your_api_key_here

2. Add to .gitignore

Make sure your .env file is in your .gitignore:
.gitignore
.env
.env.local
.env.production

3. Use Server-Side Only

API keys should only be used in server-side code (backend, API routes, serverless functions), never in:
  • ❌ Frontend JavaScript
  • ❌ Mobile apps
  • ❌ Desktop applications
  • ❌ Browser extensions

4. Rotate Keys Regularly

Consider rotating your API keys periodically, especially if:
  • A developer with access leaves your team
  • You suspect a key may have been compromised
  • As a regular security practice (e.g., every 90 days)

5. Use Separate Keys for Different Environments

Create different API keys for:
  • Development: For local testing
  • Staging: For pre-production testing
  • Production: For your live application

Managing Multiple API Keys

You can create multiple API keys in your dashboard. This is useful for:
  • Different environments (dev, staging, production)
  • Different applications using the same Loops account
  • Team member access with different permissions
  • Key rotation without downtime

Creating a New Key

  1. Go to SettingsAPI Keys
  2. Click Create API Key
  3. Give it a descriptive name (e.g., “Production Server”, “Development”)
  4. Copy the key immediately (you won’t be able to see it again)
  5. Store it securely in your environment variables

Revoking a Key

If you need to revoke an API key:
  1. Go to SettingsAPI Keys
  2. Find the key you want to revoke
  3. Click Revoke or Delete
  4. Confirm the action
Revoking a key will immediately stop all API requests using that key. Make sure you’ve updated your application with a new key before revoking the old one.

Common Errors

401 Unauthorized

{
  "error": "Unauthorized"
}
Causes:
  • Missing Authorization header
  • Invalid or expired API key
  • Incorrect Bearer token format
Solution:
  • Verify your API key is correct
  • Check the Authorization header format: Bearer your_api_key
  • Ensure your API key hasn’t been revoked

403 Forbidden

{
  "error": "Forbidden"
}
Causes:
  • API key doesn’t have permission for the requested resource
  • Account has restrictions or is suspended
Solution:
  • Verify your account status in the dashboard
  • Contact support if you believe this is an error

Testing Your API Key

You can test if your API key is working with a simple request: 
curl https://api.loops.fi/api/v2/checkout/sessions \
  -H "Authorization: Bearer your_api_key_here"

Need Help?

If you’re having trouble with your API key:
I