Authentication
All requests to the TestMachine Token Custody API require an API key.
All API endpoints are relative to:
https://api.testmachine.ai
API keys are issued per customer/account.
If you don’t have a key yet (or need a new one), request one from TestMachine support or your TestMachine point of contact.
Treat your API key like a password. Do not commit it to source control or embed it in client-side applications.
Send your API key
Authenticate by sending your API key with every request using the X-API-Key header:
X-API-Key: <YOUR_API_KEY>
curl "https://api.testmachine.ai/<endpoint>" \
-H "X-API-Key: $TESTMACHINE_API_KEY"
Authentication failures
If authentication fails, you’ll typically see one of the following:
401 Unauthorized — missing/invalid API key
403 Forbidden — valid API key, but not permitted for the requested resource
For the error response format, see Errors.
Security & operational best practices
Store the key in an environment variable (for example TESTMACHINE_API_KEY).
Rotate keys periodically and immediately if you suspect leakage.
Use separate keys for production vs. development if your account supports it.
Last updated
