Every call to the Citadel API requires you to use your API keys, which consist of a Client IDClient ID - The unique identifier passed into the X-Access-Client-Id header of every API request to authorize it. and an Access keyAccess key - The unique key passed into the X-Access-Secret header of every API request to authorize it.. Your Client IDClient ID - The unique identifier passed into the X-Access-Client-Id header of every API request to authorize it. will remain the same regardless of your environment, but you will get a different Access key for each environment. You'll be able to tell which key is used for which environment because the key will be prefixed with sandbox, dev or prod.

All API requests require the X-Access-Client-Id and X-Access-Secret headers which should contain your Client IDClient ID - The unique identifier passed into the X-Access-Client-Id header of every API request to authorize it. and Access keyAccess key - The unique key passed into the X-Access-Secret header of every API request to authorize it. respectively.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your Client IDClient ID - The unique identifier passed into the X-Access-Client-Id header of every API request to authorize it. or Access keyAccess key - The unique key passed into the X-Access-Secret header of every API request to authorize it. with anyone and make sure to never use your API keys in the front end of your application.