API Reference

Authentication

Learn how to authenticate your API requests with CHeKT Public API

Authentication

The CHeKT Public API uses Bearer Token authentication to secure all API requests. You must include a valid API Key in the Authorization header of every request.

Pre-Requisites

Before you can use the CHeKT Public API, you need to ensure that:

API Key Required

An API Key must be enabled for your dealer account. You can manage your API Keys through the CHeKT Dealer Portal.

Accessing API Keys

To access and manage your API Keys:

  1. Log in to your CHeKT Dealer Portal
  2. Click on the Settings gear icon (⚙️)
  3. Navigate to API Keys under Developer Settings
  4. You will need "Developer Tools" permissions to access this section

Permissions Required

Your account must have "Developer Tools" permissions to view and manage API Keys. Contact your account administrator if you don't have access.

Generating an API Key

When you generate a new API Key:

  1. Click "Generate New API Key" in the API Keys section
  2. Save the key immediately in a safe and secure place
  3. The key will only be shown once and cannot be retrieved later

Important Security Note

  • Store your API Key securely - treat it like a password
  • Never commit API Keys to version control
  • Never share your API Key in public forums or repositories

Managing API Keys

Lost or Compromised Keys

If you lose your API Key or believe it has been compromised:

  1. Generate a new API Key in the Developer Settings
  2. Update your applications with the new key
  3. Disable the old API Key to prevent unauthorized access

Key Rotation

You can generate a new API Key at any time and disable the old one without losing access to your account.

API Usage

Base URL

All API requests should be directed to:

https://api.chekt.com

Authentication Header

Include your API Key in the Authorization header using the Bearer Token scheme:

Authorization: Bearer YOUR_API_KEY

Example Request

Here's an example of an authenticated API request:

curl -X GET https://api.chekt.com/v1/sites \
  -H "Authorization: Bearer your_api_key_here" \
  -H "Content-Type: application/json"

Authentication Errors

If authentication fails, you'll receive one of the following error responses:

401 Unauthorized

{
  "error": "Unauthorized",
  "message": "Invalid or missing API Key"
}

403 Forbidden

{
  "error": "Forbidden",
  "message": "API Key does not have permission to access this resource"
}

Best Practices

Rate Limiting

All API requests are subject to rate limiting to ensure system stability:

  • Rate Limit: 1000 requests per hour per API Key
  • Rate limit information is included in response headers:
    • X-RateLimit-Limit: Maximum requests per hour
    • X-RateLimit-Remaining: Remaining requests in current window
    • X-RateLimit-Reset: Time when the rate limit resets (Unix timestamp)

Rate Limit Exceeded

If you exceed the rate limit, you'll receive a 429 Too Many Requests response. Wait until the rate limit resets before making additional requests.

Next Steps

Now that you understand authentication, explore the available API endpoints:

Next Steps