Skip to main content

API Key Authentication

The First Answer API uses API keys to authenticate requests. Every request to the /v1/ endpoints must include a valid API key in the request headers. 
curl -H "api-key: YOUR_API_KEY" \
  https://api.firstanswer.ai/v1/brands/
API keys grant access to your account data. Keep them secure and never expose them in client-side code, public repositories, or browser requests.

Obtaining an API Key

1

Navigate to API settings

Log in to the First Answer platform and go to Settings → API Keys.
2

Create a new key

Click Create API Key and give it a descriptive name (e.g. “Production Dashboard”, “Internal Analytics”).
3

Copy your key

Your API key will be displayed only once. Copy it and store it securely. If you lose it, you’ll need to generate a new one.

Using Your API Key

Include the API key in the api-key header of every request: 
curl -H "api-key: YOUR_API_KEY" \
  https://api.firstanswer.ai/v1/brands/

Key Expiration

API keys are valid for 6 months from the date of creation. After expiration, requests made with the key will return a 401 error: 
{
  "error": {
    "code": "AUTHENTICATION_FAILED",
    "message": "API key has expired."
  }
}
Generate a new key before the current one expires to avoid service interruptions.

Error Responses

Missing API Key

If no api-key header is provided, the API will return:
401
{
  "error": {
    "code": "AUTHENTICATION_FAILED",
    "message": "Authentication credentials were not provided."
  }
}

Invalid API Key

If the key is incorrect or has been revoked:
401
{
  "error": {
    "code": "AUTHENTICATION_FAILED",
    "message": "Invalid or inactive API key."
  }
}

Expired API Key

If the key has passed its expiration date:
401
{
  "error": {
    "code": "AUTHENTICATION_FAILED",
    "message": "API key has expired."
  }
}

Best Practices

Never hardcode API keys in your source code. Store them as environment variables:
export FIRSTANSWER_API_KEY="your-key-here"

import os
api_key = os.environ["FIRSTANSWER_API_KEY"]
Don’t wait for keys to expire. Create a new key, update your integrations, then revoke the old one.
Name your keys after their purpose (e.g. “Looker Dashboard”, “Internal Slack Bot”) so you can easily manage and revoke them.
If a key is no longer needed, revoke it immediately in your API settings. This prevents unauthorized access.
API keys should only be used in server-side code. Never include them in frontend JavaScript, mobile apps, or any publicly accessible code.