Authentication
Secure your API requests with proper authentication.
API Key Authentication
The LosCenotes Partner API uses API keys to authenticate requests.
X-API-Key Header
Include your API key in the X-API-Key header:
X-API-Key: pk_live_your_api_key
Example Request
curl -X GET "https://service-gateway.loscenotes.com/partner/cenotes" \
-H "X-API-Key: pk_live_your_api_key" \
-H "Content-Type: application/json"
API Key Format
Production Keys
- Prefix:
pk_live_ - Purpose: Live production environment
- Features:
- Real transactions
- Standard rate limits
- Production data access
Example:
pk_live_abc123def456ghi789jkl012mno345pqr678stu
Security Best Practices
1. Keep Your Keys Secure
⚠️ Warning
Never expose your API keys in:
- Client-side code
- Public repositories
- Mobile applications
- Browser JavaScript
2. Use Environment Variables
// Good ✓
const apiKey = process.env.LOSCENOTES_API_KEY;
// Bad ✗
const apiKey = "pk_live_1234567890abcdef";
3. Rotate Keys Regularly
- Generate a new API key
- Update your application
- Verify everything works
- Revoke the old key
Error Responses
Invalid API Key
HTTP Status: 401 Unauthorized
{
"success": false,
"error": {
"code": "INVALID_API_KEY",
"message": "The provided API key is invalid",
"status": 401
}
}
Missing Authentication
HTTP Status: 401 Unauthorized
{
"success": false,
"error": {
"code": "AUTHENTICATION_REQUIRED",
"message": "Authentication is required for this endpoint",
"status": 401
}
}
Insufficient Permissions
HTTP Status: 403 Forbidden
{
"success": false,
"error": {
"code": "INSUFFICIENT_PERMISSIONS",
"message": "Your API key doesn't have permission for this action",
"status": 403
}
}
Testing Authentication
Test your authentication setup with a simple request:
curl -X GET "https://service-gateway.loscenotes.com/partner/cenotes" \
-H "X-API-Key: pk_live_your_api_key" \
-H "Content-Type: application/json"
Successful response:
{
"success": true,
"message": "cenotes.list_retrieved_successfully",
"data": [...],
"pagination": {
"total": 25,
"perPage": 10,
"currentPage": 1,
"lastPage": 3
}
}
Code Examples
JavaScript / Node.js
const response = await fetch('https://service-gateway.loscenotes.com/partner/cenotes', {
method: 'GET',
headers: {
'X-API-Key': process.env.LOSCENOTES_API_KEY,
'Content-Type': 'application/json',
'Accept-Language': 'es'
}
});
const data = await response.json();
if (!data.success) {
console.error('Error:', data.error.message);
} else {
console.log('Cenotes:', data.data);
}
Python
import os
import requests
api_key = os.environ.get('LOSCENOTES_API_KEY')
response = requests.get(
'https://service-gateway.loscenotes.com/partner/cenotes',
headers={
'X-API-Key': api_key,
'Content-Type': 'application/json',
'Accept-Language': 'es'
}
)
data = response.json()
if data['success']:
print('Cenotes:', data['data'])
else:
print('Error:', data['error']['message'])
PHP
<?php
$apiKey = getenv('LOSCENOTES_API_KEY');
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => 'https://service-gateway.loscenotes.com/partner/cenotes',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => [
'X-API-Key: ' . $apiKey,
'Content-Type: application/json',
'Accept-Language: es'
]
]);
$response = curl_exec($ch);
curl_close($ch);
$data = json_decode($response, true);
if ($data['success']) {
print_r($data['data']);
} else {
echo 'Error: ' . $data['error']['message'];
}