API Keys
All PrairieCloud API endpoints require authentication via an API key. This guide covers everything you need to know about creating, using, rotating, and securing your keys.
Getting an API Key
Manage your API keys in the Developer Dashboard.
- Sign up at dashboard.prairiecloud.io
- Navigate to Keys in the left sidebar
- Click Create API Key
- Give your key a descriptive name (e.g.,
production,my-research-project) - Copy the key immediately — it is shown only once
Keys are prefixed with pck_live_ and have the format:
pck_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
For security, the full key is shown only at creation time. If you lose it, you'll need to rotate (which generates a new key and revokes the old one).
Using the X-API-Key Header
Include your API key in the X-API-Key request header:
curl -H "X-API-Key: pck_live_YOUR_KEY_HERE" \
"https://api.prairiecloud.io/v1/data?variables=pop_total&geo=state:48"
The header name is case-insensitive per HTTP spec. All of these are equivalent:
X-API-Key: pck_live_...
x-api-key: pck_live_...
X-Api-Key: pck_live_...
Alternative: Query Parameter
For quick testing, you can pass the key as a query parameter. Do not use this in production — query parameters appear in server logs and browser history:
curl "https://api.prairiecloud.io/v1/data?variables=...&geo=...&api_key=pck_live_..."
Key Rotation
Rotate a key when:
- You suspect it has been compromised
- You want to retire a key used by a former team member
- You're rotating as part of a regular security policy
Steps:
- In the dashboard, go to Keys → click your key → Rotate Key
- A new key is generated and the old one is revoked simultaneously
- Update your application to use the new key
- Verify your application works with the new key
We recommend creating a second key, migrating your application to it, then revoking the first key. This avoids any gap in service.
Revoking a Key
To permanently disable a key:
- Dashboard → Keys → click your key → Revoke Key
- Confirm the action
A revoked key immediately returns 401 Unauthorized on any request. Revocation cannot be undone.
Security Best Practices
Never embed your API key in source code. Use environment variables:
# In your shell / deployment environment:
export PRAIRIECLOUD_API_KEY="pck_live_..."
# Python
import os
api_key = os.environ["PRAIRIECLOUD_API_KEY"]
// Node.js
const apiKey = process.env.PRAIRIECLOUD_API_KEY;
Never commit your key to version control. Add .env files to .gitignore. Use a secret manager (AWS Secrets Manager, GitHub Actions Secrets, etc.) in CI/CD pipelines.
Use one key per environment. Maintain separate keys for development, staging, and production. This lets you revoke a compromised key without affecting other environments.
Audit regularly. Review your active keys in the dashboard. Revoke any keys that are no longer needed.
What to Do If a Key Is Compromised
- Immediately revoke the key from the dashboard
- Check your usage logs for unauthorized requests
- Create a new key and deploy it to your application
- If you suspect data exfiltration, contact [email protected]
Error Responses
| Response | Meaning |
|---|---|
401 Unauthorized | Key is missing, invalid, or revoked |
429 Too Many Requests | Rate limit exceeded — see Rate Limiting |
See the Error Handling guide for the full error response format.
Billing & Plan Management
View pricing and upgrade at Billing. Upgrading increases your monthly quota and per-minute burst limit.
Next Steps
- Quickstart — Make your first API call in 5 minutes
- Rate Limiting — Understand quota limits and how to handle 429 responses
- Error Handling — Full RFC 7807 error format and error code reference
- Python Examples — See API key usage in Python code
- JavaScript Examples — See API key usage in JavaScript code