Authentication

API Keys

All Cobi API requests are authenticated with an API key passed as a Bearer token. To get an API key:

Contact [email protected] with your organisation details and intended use case
You’ll receive a unique key scoped to your organisation

Making Authenticated Requests

Include your API key in the Authorization header on every request:

curl -X POST https://api.hellocobi.com/v1/data/customers \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"records": [...]}'

Security Best Practices

Store your API key in environment variables and never hard-code it in source files or commit it to version control. If you suspect a key has been compromised, contact [email protected] to get it rotated immediately. All API traffic must use HTTPS.

Error Responses

Status	Meaning	Resolution
`401 Unauthorized`	Key is missing or invalid	Check your `Authorization` header format and key value
`403 Forbidden`	Key does not have permission for this resource	Contact support to verify your key’s scope

{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}

Getting Started

Data Sources

Channels

API

API Keys

Making Authenticated Requests

Security Best Practices

Error Responses

Getting Started

Data Sources

Channels

API

​API Keys

​Making Authenticated Requests

​Security Best Practices

​Error Responses

API Keys

Making Authenticated Requests

Security Best Practices

Error Responses