Overview
The DRIP API uses Bearer token authentication with API keys. Every request must include a valid API key in theAuthorization
header.
Managing API Keys
Creating API Keys
1
Access Developer Portal
Navigate to your DRIP dashboard and go to Admin > Developer
2
Create API Client
Go to the Project API tab and click Create API Client. Choose appropriate scopes and provide a descriptive name
3
Copy and Store
Copy the API key immediately - you won’t be able to see it again
4
Test the Key
Make a test API call to verify the key works correctly
Implementation Examples
Environment Variables
Store your API keys securely using environment variables:Finding your Realm (Project) ID: It’s displayed in the dashboard header when you select your project.
API Client Class
Create a reusable client class for your applications:Error Handling
Handle authentication errors gracefully:Security Best Practices
Secure Storage
- Store API keys in environment variables
- Use secure key management services in production
- Never commit keys to version control
Key Rotation
- Rotate API keys regularly (monthly/quarterly)
- Have a process for emergency key rotation
- Revoke unused or compromised keys immediately
Network Security
- Always use HTTPS for API requests
- Implement request signing for extra security
- Use IP allowlisting when possible
Monitoring
- Monitor API key usage patterns
- Set up alerts for unusual activity
- Log authentication failures for security analysis
Testing Authentication
Use this simple test to verify your authentication setup:Troubleshooting
Common authentication issues and solutions:401 Unauthorized
401 Unauthorized
403 Forbidden
403 Forbidden
Causes:
- API key lacks required permissions
- Trying to access resources outside your realm
- Account permissions changed
- Check your account permissions in the dashboard
- Ensure you’re accessing the correct realm
- Contact an admin to update permissions
Rate Limiting
Rate Limiting
Causes:
- Too many requests in a short time
- Exceeding API quotas
- Implement exponential backoff
- Check rate limit headers in responses
- Optimize request frequency