Getting Started
Authentication

Authentication

All API requests require authentication using an API key. This guide covers everything you need to know about authentication, security best practices, and API key management.

Overview

TranslatePlus API uses API key authentication. Every request must include your API key in the X-API-KEY header. Your API key is unique to your account and carries full access to your account's resources, so keep it secure.

Getting Your API Key

  1. Sign up for a TranslatePlus account (or log in if you already have one)
  2. Navigate to the API Keys section in your dashboard
  3. Generate a new API key or copy your existing one
  4. Store it securely - you'll need it for all API requests

Using Your API Key

Basic Usage

Include your API key in the X-API-KEY header with every request:

curl https://api.translateplus.io/v2/translate \
  -H "X-API-KEY: your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "text": "Hello, world!",
    "source": "en",
    "target": "fr"
  }'

Using Environment Variables

Never hardcode your API key in your source code. Instead, use environment variables:

# Set environment variable
export TRANSLATEPLUS_API_KEY="your_api_key_here"
 
# Use in curl
curl https://api.translateplus.io/v2/translate \
  -H "X-API-KEY: $TRANSLATEPLUS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"text": "Hello", "source": "en", "target": "fr"}'

Configuration Files

For local development, use a .env file (and add it to .gitignore):

# .env file
TRANSLATEPLUS_API_KEY=your_api_key_here

Python (.env with python-dotenv):

from dotenv import load_dotenv
import os
 
load_dotenv()
API_KEY = os.getenv('TRANSLATEPLUS_API_KEY')

Node.js (.env with dotenv):

require('dotenv').config();
const API_KEY = process.env.TRANSLATEPLUS_API_KEY;

Security Best Practices

⚠️

Critical Security Rules:

  1. Never commit API keys to version control

    • Add .env to your .gitignore
    • Use environment variables or secret management services
    • Review your Git history if you accidentally committed a key

  2. Restrict key access

    • Only share key with trusted team members
    • Use secret management services (AWS Secrets Manager, HashiCorp Vault, etc.)
    • Never expose keys in client-side code or public repositories

  3. Use HTTPS only

    • Always use HTTPS endpoints
    • Never send API keys over unencrypted connections

API Key Management

Generating New Keys

  1. Go to API Keys in your dashboard
  2. Click "Reset API Key"
  3. Copy the key.
  4. Store it securely

Revoking Keys

If your API key is compromised or you no longer need it:

  1. Go to API Keys in your dashboard
  2. Click "Reset API Key"
⚠️

Important: Reset API Key immediately invalidates it. All requests using that key will fail. Make sure to update all applications it.

Authentication Errors

Missing API Key

Error: 403 Forbidden

{
  "detail": "API key is required. Please provide X-API-KEY header."
}

Solution: Include the X-API-KEY header in your request.

Invalid API Key

Error: 403 Forbidden

{
  "detail": "Invalid API key. Please check your API key and try again."
}

Possible causes:

  • API key is incorrect or mistyped
  • API key has been reset

Solution:

  1. Verify the API key in your dashboard
  2. Check for typos or extra spaces

Expired or Revoked Key

Error: 403 Forbidden

{
  "detail": "API key has been revoked or is no longer valid."
}

Solution:

  1. Check your API Keys to see if the key was reset
  2. Reset a new API key
  3. Update all applications using the old key

Rate Limiting and Authentication

Rate limits are applied per API key. This means:

  • Each API key has its own rate limit quota
  • Rate limit headers are included in responses:
    • X-RateLimit-Limit - Maximum requests per time window
    • X-RateLimit-Remaining - Remaining requests in current window
    • X-RateLimit-Reset - Time when the rate limit resets

For more information, see the Rate Limits guide.

Testing Your API Key

You can test your API key using the health endpoint:

curl https://api.translateplus.io/health \
  -H "X-API-KEY: your_api_key"

A successful response indicates your API key is valid:

{
  "status": "healthy",
  "timestamp": "2025-01-15T10:30:00Z"
}

Troubleshooting

API Key Not Working

  1. Check the header name: Must be exactly X-API-KEY (case-sensitive)
  2. Check for spaces: Ensure no leading/trailing spaces in the key
  3. Verify the key: Copy it fresh from your dashboard
  4. Check account status: Ensure your account is active
  5. Check credits: Verify you have sufficient credits

Key Works in Dashboard but Not in Code

  1. Environment variable not loaded: Verify your .env file is being read
  2. Wrong variable name: Check the environment variable name matches
  3. Caching issues: Restart your application/server
  4. Scope issues: Ensure the variable is accessible where it's used

Best Practices Checklist

  • API key stored in environment variable
  • .env file added to .gitignore
  • No API keys in source code or config files
  • HTTPS used for all requests
  • Error handling implemented for auth failures

Related Documentation

IntroductionQuick Start