Authentication

OMX API Authentication

Learn how to authenticate with the OMX API using API keys and secure your applications.

Authentication

Secure your API access

OMX uses API keys to authenticate requests. Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Security Notice: Never expose API keys in client-side code, public repositories, or unsecured environments.

Getting Your API Keys

Follow these steps to obtain your API credentials and start building with OMX.

Sign up for an OMX account

Create your developer account

Navigate to the API Keys section

Find it in your dashboard

Generate a new API key pair

Client ID and Secret Key

Copy and securely store credentials

Use environment variables

Authentication Methods

API Key Authentication

Include your API key in the Authorization header of your requests.

typescript

1curl -H "Authorization: Bearer YOUR_API_KEY" \

2 -H "Content-Type: application/json" \

3 https://api.omx.com/v1/geotriggers

SDK Authentication

Initialize the client with your credentials when using our SDKs.

typescript

1import { OMXClient } from '@omx-sdk/core';

3const omx = new OMXClient({

4 clientId: 'your_client_id',

5 secretKey: 'your_secret_key'

6});

Environment Variables

For security, always store your API credentials as environment variables.

typescript

1# .env

2OMX_CLIENT_ID=your_client_id

3OMX_SECRET_KEY=your_secret_key

5# In your application

6const omx = new OMXClient({

7 clientId: process.env.OMX_CLIENT_ID,

8 secretKey: process.env.OMX_SECRET_KEY

9});

Rate Limiting

OMX implements rate limiting to ensure fair usage across all users.

Standard Plan

1,000

requests per minute

Pro Plan

5,000

requests per minute

Enterprise Plan

Custom

requests per minute

Error Handling

Authentication errors return HTTP status codes with descriptive messages.

typescript

2 "error": {

3 "code": "unauthorized",

4 "message": "Invalid API key provided"

5 }

Security Best Practices

Follow these guidelines to keep your API keys secure and your application protected.

Never expose API keys in client-side code

Use environment variables for key storage

Implement proper error handling for auth failures

Rotate API keys regularly

Use HTTPS for all API requests

Monitor API usage and set up alerts

Next Steps

Now that you understand authentication, explore these guides to start building.

Install Core SDK

Set up the foundation

Create Geotrigger

Location-based automation

Send Email

Email integration