Skip to main content

API keys

Check.et uses bearer token authentication. Every request must include your API key in the Authorization header: 
Authorization: Bearer chk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Keys start with the chk_ prefix. The full key is shown once when created - copy it immediately and store it in a secrets manager or environment variable.

Requirements

API keys can only be created by business accounts. If you registered as a personal user, go to check.et/setup to create a business profile first. API access is not available on personal accounts.

Creating a key

  1. Log in and go to Dashboard → API Keys
  2. Click Create key
  3. Give it a descriptive name (e.g. production, staging)
  4. Optionally assign it to a specific branch
  5. Copy the displayed key

Branch targeting

Your business can have multiple branches. Each API key is tied to a branch. To target a specific branch when using a key that spans multiple branches, pass the X-Branch-Id header: 
X-Branch-Id: 55
If you omit the header, requests resolve to the branch the key was created for.

Key rotation

To rotate a key:
  1. Create a new key in the dashboard
  2. Update your application to use the new key
  3. Revoke the old key
There is no automated rotation - you control the lifecycle.

Security best practices

  • Never commit keys to source control
  • Use environment variables: CHECK_ET_API_KEY=chk_...
  • Create separate keys for staging and production
  • Revoke unused keys promptly from the dashboard
  • Each key is scoped to a branch - limit blast radius by using branch-specific keys