This guide covers everything you need to know about authenticating with the DRIP API, managing API keys, and handling authentication in your applications.

Overview

The DRIP API uses Bearer token authentication with API keys. Every request must include a valid API key in the Authorization header.

Managing API Keys

Creating API Keys

1

Access Developer Portal

Navigate to your DRIP dashboard and go to Admin > Developer
2

Create API Client

Go to the Project API tab and click Create API Client. Choose appropriate scopes and provide a descriptive name
3

Copy and Store

Copy the API key immediately - you won’t be able to see it again
4

Test the Key

Make a test API call to verify the key works correctly

Implementation Examples

Environment Variables

Store your API keys securely using environment variables:
Finding your Realm (Project) ID: It’s displayed in the dashboard header when you select your project.
DRIP_API_KEY=your_api_key_here
DRIP_REALM_ID=your_realm_id_here
DRIP_BASE_URL=https://api.drip.re/api/v1

API Client Class

Create a reusable client class for your applications: 
class DripClient {
  constructor(apiKey, realmId) {
    this.apiKey = apiKey;
    this.realmId = realmId;
    this.baseUrl = 'https://api.drip.re/api/v1';
  }

  async request(method, endpoint, data = null) {
    const url = `${this.baseUrl}${endpoint}`;
    const options = {
      method,
      headers: {
        'Authorization': `Bearer ${this.apiKey}`,
        'Content-Type': 'application/json'
      }
    };

    if (data) {
      options.body = JSON.stringify(data);
    }

    const response = await fetch(url, options);
    
    if (!response.ok) {
      throw new Error(`API Error: ${response.status} ${response.statusText}`);
    }

    return response.json();
  }

  // Helper methods
  async getRealm() {
    return this.request('GET', `/realms/${this.realmId}`);
  }

  async searchMembers(type, values) {
    return this.request('GET', `/realm/${this.realmId}/members/search?type=${type}&values=${values}`);
  }
}

// Usage
const client = new DripClient(process.env.DRIP_API_KEY, process.env.DRIP_REALM_ID);

Error Handling

Handle authentication errors gracefully: 
async function handleApiCall(apiCall) {
  try {
    return await apiCall();
  } catch (error) {
    if (error.status === 401) {
      console.error('Authentication failed - check your API key');
      // Redirect to re-authenticate or refresh key
    } else if (error.status === 403) {
      console.error('Insufficient permissions for this operation');
    } else {
      console.error('API call failed:', error.message);
    }
    throw error;
  }
}

Security Best Practices

Secure Storage

  • Store API keys in environment variables
  • Use secure key management services in production
  • Never commit keys to version control

Key Rotation

  • Rotate API keys regularly (monthly/quarterly)
  • Have a process for emergency key rotation
  • Revoke unused or compromised keys immediately

Network Security

  • Always use HTTPS for API requests
  • Implement request signing for extra security
  • Use IP allowlisting when possible

Monitoring

  • Monitor API key usage patterns
  • Set up alerts for unusual activity
  • Log authentication failures for security analysis

Testing Authentication

Use this simple test to verify your authentication setup: 
async function testAuth() {
  try {
    const response = await fetch(`https://api.drip.re/api/v1/realms/${DRIP_REALM_ID}`, {
      headers: {
        'Authorization': `Bearer ${DRIP_API_KEY}`
      }
    });

    if (response.ok) {
      const realm = await response.json();
      console.log('✅ Authentication successful!');
      console.log(`Connected to realm: ${realm.name}`);
    } else {
      console.log('❌ Authentication failed');
    }
  } catch (error) {
    console.error('Error testing authentication:', error);
  }
}

Troubleshooting

Common authentication issues and solutions: