The only form of authentication supported by the API is through api keys provided when your account is created.

Authenticating to production vs sandbox environments

The api expects each request to contain an x-api-key header which contains your live or test key. The test key for the sandbox environment does not occur any billing.

Production usage

API calls made to the production environment will incur charges and trigger real world dispatches of kits, phlebotomy visits, or both. If you have questions about the API, please test against the sandbox environment or contact [email protected] first.

Sandbox Usage

To use the sandbox, just use the sandbox key provided to you at account set up. Sandbox keys will always start with test:. You will not be billed for sandbox usage.

Objects created in the sandbox are not guaranteed to be long lived. The sandbox environment is subject to a weekly reset. Your access will not be altered but any historical objects may be deleted. This includes webhook endpoints which will require registration if you are testing events.


Compromised Account

If for whatever reason you believe these keys have been compromised, the immediate course of action is to email [email protected]. We will disable your account temporarily until your identity has been verified and new keys have been generated for your account.