Authentication
The eMARCOTT API uses API keys for authentication. Include your API key in the header of every request.
Getting Your API Key
- Log in to your eMARCOTT admin dashboard
- Navigate to Settings → API
- Click Generate API Key
- Copy your key and store it securely
Security Warning: Never expose your API key in client-side code or public repositories. Treat it like a password.
Making Authenticated Requests
Include your API key in the Authorization header:
Authorization: Bearer YOUR_API_KEYExample Request
curl https://api.marcotstudios.com/v1/listings \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"Error Responses
Authentication errors return a 401 Unauthorized status:
{
"error": {
"code": "unauthorized",
"message": "Invalid or missing API key"
}
}Key Management
- Rotate keys - Generate a new key if your current one is compromised
- Multiple keys - Create separate keys for different integrations
- Revoke access - Delete keys that are no longer needed
Best Practices
- Store API keys in environment variables
- Use different keys for development and production
- Rotate keys periodically
- Monitor usage for unusual activity