Getting Api Keys

Getting Your API Keys and Setup

Before you can use the Tadabase REST API, you need to generate API credentials for your application. This guide walks you through the process and explains the authentication headers required for all requests.

Generating API Keys

Follow these steps to create API credentials:

1. Open your app in the Tadabase Builder
2. Navigate to Settings in the left sidebar
3. Click on API Keys
4. Click the Generate New API Key button
5. Copy and securely store your credentials:
   • App ID: Your application identifier
   • App Key: Public key for your API access
   • App Secret: Private key for authentication

Required Headers

Every API request must include these three authentication headers:

Header Name	Value	Description
X-Tadabase-App-id	Your App ID	Found in API Keys page or in your app URL
X-Tadabase-App-Key	Your App Key	Public key generated when creating API key
X-Tadabase-App-Secret	Your App Secret	Private key generated when creating API key

Example Request with Headers

GET https://api.tadabase.io/api/v1/data-tables

Headers:
  X-Tadabase-App-id: your_app_id_here
  X-Tadabase-App-Key: your_app_key_here
  X-Tadabase-App-Secret: your_app_secret_here

API Key Permissions

When creating or editing an API key, you can configure specific permissions to control what operations it can perform. This follows the principle of least privilege - only grant the permissions your integration actually needs.

Available Permissions

When configuring API keys in the Builder, you can enable or disable specific permissions. The /status endpoint returns these permissions using the following names:

Builder Setting	Status API Field	Controls Access To
allow_get	read	Read records (GET requests)
allow_edit	create + update	Create and update records (POST/PUT)
allow_delete	delete	Delete records (DELETE requests)
allow_task	tasks	Execute scheduled tasks via API
allow_page	pages	Access page components (API v1.1)
allow_import	imports	Trigger data imports
allow_export	exports	Trigger data exports
allow_log	logs	Access activity and security logs
allow_pdf_form	pdf_forms	Generate PDF forms via API
allow_pdf_page	pdf_pages	Generate PDF pages via API

Testing Your API Connection

Before building your integration, verify that your API credentials work correctly:

Check API Status Endpoint

Use this endpoint to test your credentials and check your current rate limits:

GET https://api.tadabase.io/api/v1/status

Headers:
  X-Tadabase-App-id: your_app_id
  X-Tadabase-App-Key: your_app_key
  X-Tadabase-App-Secret: your_app_secret

Expected Response

{
  "current_code": 200,
  "api_key": {
    "id": "4yQk924rgP",
    "status": "Active",
    "created_at": "2024-01-15 10:30:00"
  },
  "permissions": {
    "read": true,
    "create": true,
    "update": true,
    "delete": true,
    "tasks": false,
    "pages": false,
    "imports": false,
    "exports": false,
    "logs": true,
    "pdf_forms": false,
    "pdf_pages": false
  },
  "per_minute_limit": {
    "allowed": 240,
    "remaining": 239,
    "resets_in_seconds": 60,
    "reset_timestamp": 1769585195
  },
  "per_day_limit": {
    "allowed": 123456,
    "remaining": 123441,
    "resets_in_seconds": 72511,
    "reset_timestamp": 1769657646
  }
}

If you receive this response with "current_code": 200 and "status": "Active", your API credentials are working correctly!

Understanding the Response

Field	Description
api_key	Information about your API key including its ID, status, and creation date
permissions	Shows which operations this API key is allowed to perform (see permissions table above)
per_minute_limit	Your current rate limit for requests per minute
per_day_limit	Your current rate limit for requests per day

Using the API Tester

The easiest way to test your API connection is with our built-in API Tester:

1. Navigate to /api in your Tadabase instance
2. Enter your API credentials
3. Select an endpoint to test
4. Click "Send Request"

The API Tester will save your credentials (securely in your browser) for easy testing.

Common Setup Issues

Error: "API Not Found"

Cause: Invalid App ID, App Key, or App Secret

Solution: Double-check your credentials. Copy them directly from the API Keys page to avoid typos.

Error: "APP Not Found"

Cause: Incorrect App ID

Solution: Verify your App ID matches the one in Settings → API Keys.

Error: "API Disabled"

Cause: The API key was disabled in the Builder

Solution: Go to Settings → API Keys and re-enable the key, or generate a new one.

Error: "Permission Denied"

Cause: The API key doesn't have the required permission

Solution: Edit the API key in Settings → API Keys and enable the necessary permissions.

Finding Your App ID

You can find your App ID in multiple places:

• API Keys Page: Settings → API Keys shows your App ID
• App URL: Your app URL contains the App ID: https://yourapp.tadabase.io/builder/{appId}
• Browser Address Bar: When in the Builder, check the URL for your App ID

Security Best Practices

1. Use Environment Variables: Store credentials in environment variables, not in code
2. Rotate Keys Periodically: Generate new API keys every few months
3. Regenerate if Compromised: If a key is exposed, immediately generate a new one
4. Use HTTPS Only: Always connect to https://api.tadabase.io (never HTTP)
5. Minimum Permissions: Only enable permissions your integration actually needs
6. Separate Keys by Environment: Use different API keys for development, staging, and production

Next Steps

Now that you have your API credentials set up, you're ready to make your first API call!

→ Making Your First API Request

Learn how to retrieve data from your Tadabase application using the REST API.