Authentication
How to authenticate requests to the Adopture API.
Adopture uses App Keys to authenticate API requests. The key is included in the request body, not as a header.
App Key Format
App Keys follow the format ak_ followed by 24 alphanumeric characters:
ak_a1b2c3d4e5f6g7h8i9j0k1l2Finding Your App Key
- Open the Adopture dashboard
- Navigate to your app
- Go to Settings
- Your App Key is displayed in the App Key section
Using Your App Key
Include the app_key field in the request body of every API call:
{
"app_key": "ak_your_app_key_here",
"events": [...]
}The App Key is not sent as a header. It is a top-level field in the JSON request body.
Security Considerations
The App Key identifies your app and is included in client-side code (your mobile app or web application). Treat it as semi-public — it does not grant access to your dashboard or any data. It only allows sending events to your app's ingestion endpoint.
The App Key alone cannot:
- Read analytics data
- Access your dashboard
- Modify app settings
- Delete any data
Regenerating Your App Key
If you need to invalidate your current key:
- Go to your app's Settings in the Adopture dashboard
- Scroll to the Danger Zone section
- Click Regenerate App Key
- Confirm the action
The old key is immediately invalidated. Any requests using the old key will receive a 401 error. Update your SDK configuration with the new key before deploying.
CORS
The ingestion endpoint (/api/v1/events) allows requests from any origin:
Access-Control-Allow-Origin: *This means you can send events from web applications, not just native mobile apps. No additional CORS configuration is needed.