Authentication

Learn how to authenticate your API requests.

Authentication

All requests to the Traceline API must include an API key in the X-API-Key header. API keys are generated from your dashboard.

X-API-Key: trl_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4

Key Format

API keys follow a consistent format for easy identification:

  • trl_live_ All keys start with trl_live_ for easy identification and secret scanning.
  • Body 32 hexadecimal characters generated with a cryptographically secure random generator.
  • Full Example trl_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4

Key Storage & Security

API keys are hashed using SHA-256 on our servers. The plaintext key is only displayed once at creation time and cannot be retrieved afterward. If you lose a key, revoke it and create a new one.

Security Best Practices

  • Store keys in environment variables, never hardcode them.
  • Add your .env files to .gitignore to prevent accidental commits.
  • Rotate keys periodically and revoke unused ones.
  • Use separate keys for development and production.

Example Requests

All requests to the Traceline API must include an API key in the X-API-Key header. API keys are generated from your dashboard.

cURL

curl -X POST https://api.trace-line.site/v1/palm/analyze \
  -H "X-API-Key: trl_live_YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{"image": "<base64-encoded-image>"}'

Python

import os
import requests
import base64

api_key = os.environ["TRACELINE_API_KEY"]

with open("palm.jpg", "rb") as f:
    image_b64 = base64.b64encode(f.read()).decode()

response = requests.post(
    "https://api.trace-line.site/v1/palm/analyze",
    headers={
        "X-API-Key": api_key,
        "Content-Type": "application/json",
    },
    json={"image": image_b64},
)

print(response.json())

JavaScript

import { readFileSync } from "fs";

const apiKey = process.env.TRACELINE_API_KEY;
const image = readFileSync("palm.jpg").toString("base64");

const res = await fetch(
  "https://api.trace-line.site/v1/palm/analyze",
  {
    method: "POST",
    headers: {
      "X-API-Key": apiKey,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ image }),
  }
);

const data = await res.json();
console.log(data);