Authenticating with the Trackpac API
Trackpac supports two authentication methods:
X-API-Keyheader, which is the preferred option for all API integrations- Bearer tokens, which remain available for legacy workflows
Recommended: Use an API Key
API keys are easier to manage than login-based bearer tokens and work across the full API.
Generate an API key
- Sign in to the Trackpac app at https://app.trackpac.io.
- Open your account page at https://app.trackpac.io/account.
- Create a new API key and give it a friendly name of at least 3 characters.
- Copy and store the API key immediately. For security, it is only shown once and is stored hashed on our side.
Use the account menu to open your account page:
Then follow the API key creation flow:
You can also revoke existing API keys from the same account page at any time.
Use the API key in requests
Send your API key in the X-API-Key header on every request:
curl --request GET \
--url https://api.trackpac.io/devices \
--header 'X-API-Key: YOUR_API_KEY'
Legacy: Use a Bearer Token
Bearer-token authentication is still available for existing integrations, but new integrations should use API keys instead.
curl --request POST \
--url https://api.trackpac.io/user/login \
--header 'content-type: application/json' \
--data '{
"email": "YOUR_EMAIL",
"password": "YOUR_PASSWORD"
}'
Example response:
{
"access_token": "ACCESS_TOKEN",
"expires_in": 86400,
"token_type": "Bearer"
}
Use the returned token in the Authorization header:
curl --request GET \
--url https://api.trackpac.io/devices \
--header 'Authorization: Bearer ACCESS_TOKEN'
Security Notes
- Treat API keys and bearer tokens like passwords.
- Store credentials in a secret manager or environment variable, not in source control.
- Revoke and replace an API key immediately if it is exposed.