Overview
All Forerunner API requests require authentication using Bearer tokens passed in the Authorization header. This ensures secure access to your organization’s data and maintains audit trails for API activity.Getting your API key
API keys are provided by Forerunner and are organization-specific. To obtain an API key:Contact your Customer Success Manager
Reach out to your Customer Success Manager to request API access.
Or email our team
Send a request to engineering@withforerunner.com with your organization name and use case.
Using your API key
Include your API key in the Authorization header of every request:cURL
API key lifecycle
API key security best practices
Store API keys securely
Store API keys securely
- Never commit API keys to version control
- Use environment variables or secure secret management systems
- Rotate API keys periodically as a security best practice
Limit API key exposure
Limit API key exposure
- Only share API keys with authorized team members
- Use separate API keys for different environments when possible
- Monitor API usage for unexpected patterns
Handle API key errors gracefully
Handle API key errors gracefully
- Implement proper error handling for
401 Unauthorizedresponses - Log authentication failures for security monitoring
- Have a process to quickly rotate compromised API keys
Authentication errors
If authentication fails, you’ll receive a401 Unauthorized response:
Common authentication issues
| Issue | Solution |
|---|---|
Missing Bearer prefix | Ensure your Authorization header includes Bearer before the API key |
| Expired or revoked API key | Contact your Customer Success Manager for a new API key |
| Wrong environment | Verify you’re using the correct base URL (staging vs production) |
| Whitespace in API key | Trim any extra spaces from your API key value |