Docs/Authentication

Authentication

Learn how to authenticate your API requests securely.

Overview

Council DA API uses API keys for authentication. Every request must include your API key in the X-API-Key header.

curl -X GET "https://api.councilapi.com.au/v1/applications" \
  -H "X-API-Key: cda_str_abc123xyz789..."

Getting Your API Key

  1. Sign in to your Dashboard
  2. Navigate to API Keys in the sidebar
  3. Click "Create New Key"
  4. Give your key a descriptive name (e.g., "Production Server")
  5. Copy the key immediately - it won't be shown again

API Key Format

API keys follow a specific format that indicates the plan tier:

PrefixPlanExample
cda_str_Startercda_str_abc123...
cda_pro_Procda_pro_def456...
cda_bus_Businesscda_bus_ghi789...

Security Best Practices

Use environment variables

Store your API key in environment variables, not in code.

# .env file
COUNCIL_API_KEY=cda_str_abc123...

# Python
import os
api_key = os.environ.get("COUNCIL_API_KEY")

Never commit keys to git

Add .env to your .gitignore file.

Use separate keys for environments

Create different API keys for development, staging, and production.

Rotate keys periodically

Regenerate your API keys periodically and if you suspect they've been compromised.

Enable IP whitelisting (Business)

Business plans can restrict API key usage to specific IP addresses.

Authentication Errors

StatusErrorCause
401Missing API KeyNo X-API-Key header provided
401Invalid API KeyKey doesn't exist or has been revoked
403IP Not AllowedRequest IP not in whitelist (Business)
403Key ExpiredAPI key has passed its expiration date

Rate Limits →

Learn about usage limits

Error Codes →

Handle errors gracefully