Cobalt uses API keys to control access to the API.

You must keep the API key secret, so make sure it isn’t available in publicly accessible areas, such as GitHub and client-side code. Cobat recommends the API key is only inserted at release time, and the number of people at your organization with access to your API key is minimised.

Cobalt expects the API key to be included in all API requests to the server, Base64 encoded within an ‘x-api-key’ header.


Replace YOUR_ENCODED_API_KEY with your API key

Finding your API Key

To retrieve your API key from Cobalt’s portal:

  • In the navigation bar, Go to Settings > API Keys
  • Copy your Production or Test API key depending on your environment