CaseBender Endpoints
View the OpenAPI specification file
Authentication
All API endpoints require authentication using API keys. You must include both headers in every API request:x-api-key: Your Access Key (public identifier)x-api-secret: Your Secret Key (private authentication token)
Creating API Keys
To create API keys:- Log in to your CaseBender instance
- Navigate to Account Settings → API Keys
- Click Create to generate a new API key pair
- Save both keys immediately - the Secret Key is displayed only once and cannot be retrieved later
- Access Key: A public identifier that can be viewed later
- Secret Key: A private token shown only once - if lost, you must create a new key pair
Using API Keys
Include both headers in all API requests:Using cURL
Using Python (requests library)
Using JavaScript/Node.js (fetch)
Common Authentication Errors
-
401 Unauthorized:
- Missing
x-api-keyheader - Missing
x-api-secretheader - Incorrect key values
- API key has expired (if expiration was set)
- API key has been revoked
- Missing
-
Troubleshooting:
- Verify both headers are included and spelled correctly (case-sensitive)
- Ensure there are no extra spaces or line breaks in the key values
- Check that your API key hasn’t expired or been revoked
- Create a new API key pair if you’ve lost your Secret Key
Security Best Practices
- Never share your Secret Key - treat it like a password
- Rotate API keys regularly - revoke old keys and create new ones periodically
- Use different keys for different applications - this allows you to revoke access per application
- Set expiration dates - configure API keys to expire automatically when possible