search

Authentication

The Opally API uses API keys for authentication. Every request must include your API key in the Authorization header as a Bearer token.

hashtag
Getting Your API Key

  1. Log in to the Opally dashboardarrow-up-right

  2. Go to Integrations

  3. Scroll to the Developer section

  4. Click Manage on the API Access card

  5. Click Generate API Key

circle-exclamation

Your full API key is only shown once at creation time. Copy it immediately and store it securely. If you lose it, you'll need to regenerate a new one (which revokes the old key).

hashtag
Using Your API Key

Include your API key in the Authorization header of every request:

Authorization: Bearer op_live_a3f2b1c4d5e6f7a8b9c0d1e2f3a4b5c6

hashtag
Example Request

curl https://api.opally.com/v1/analytics/overview \
  -H "Authorization: Bearer op_live_your_api_key_here"

hashtag
Key Format

All Opally API keys follow the format:

For example: op_live_a3f2b1c4d5e6f7a8b9c0d1e2f3a4b5c6

hashtag
Key Limits

  • One active key per company — generating a new key revokes the previous one

  • Company-scoped — your API key automatically scopes all data to your company

  • No expiration — keys remain active until manually revoked or regenerated

hashtag
Security Best Practices

  • Never expose your API key in client-side code (browser JavaScript, mobile apps)

  • Use environment variables to store your key in server-side applications

  • Rotate keys periodically by regenerating from the dashboard

  • Revoke immediately if you suspect a key has been compromised

hashtag
Authentication Errors

Status Code
Error
Meaning

401

Missing API key

No Authorization header or missing Bearer prefix

401

Invalid API key

Key is invalid, not found, or has been revoked

PreviousIntroductionNextPagination

Last updated