Skip to content
Reeflow
Start Building

Basic Authentication

Basic Authentication uses standard HTTP Basic authentication to authenticate API requests. This is the fastest way to get started with Reeflow APIs.

How it works

Section titled “How it works”

HTTP Basic authentication is straightforward:

  1. Get your API key: Obtain an API key (ID and secret) from the Reeflow Console
  2. Format the credentials: Combine your key ID and secret as key_id:secret
  3. Encode and add header: Base64 encode the credentials and send Authorization: Basic {encoded_credentials} with every request

The server decodes your credentials, validates them, and processes the request if they’re valid and enabled.

What you’ll need

Section titled “What you’ll need”

API credentials (from your Reeflow Console):

  • API key ID (starts with key_)
  • API key secret (64-character random string)

HTTP header (required on every request):

  • Authorization: Basic {base64_encoded_credentials}

Making authenticated requests

Section titled “Making authenticated requests”

Basic example

Section titled “Basic example”

Here’s how to make a simple GET request:

const API_KEY_ID = 'key_abc123xyz';
const API_KEY_SECRET = 'a1b2c3d4e5f6789abcdef0123456789abcdef0123456789abcdef0123456789abc';


const credentials = Buffer.from(`${API_KEY_ID}:${API_KEY_SECRET}`).toString('base64');
const response = await fetch('https://api.reeflow.com/connections', {
  method: 'GET',
  headers: {
    Authorization: `Basic ${credentials}`,
  },
});


if (!response.ok) {
  throw new Error(`Request failed: ${response.status} ${response.statusText}`);
}


const connections = await response.json();
console.log(connections);

POST request with body

Section titled “POST request with body”

Here’s how to create a new connection:

const API_KEY_ID = 'key_abc123xyz';
const API_KEY_SECRET = 'a1b2c3d4e5f6789abcdef0123456789abcdef0123456789abcdef0123456789abc';


const connectionData = {
  name: 'My Database',
  type: 'pg',
  config: {
    host: 'localhost',
    port: 5432,
    database: 'mydb',
    user: 'myuser',
    password: 'mypassword',
    ssl: false,
  },
};


const credentials = Buffer.from(`${API_KEY_ID}:${API_KEY_SECRET}`).toString('base64');
const response = await fetch('https://api.reeflow.com/connections', {
  method: 'POST',
  headers: {
    Authorization: `Basic ${credentials}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify(connectionData),
});


if (!response.ok) {
  throw new Error(`Request failed: ${response.status} ${response.statusText}`);
}


const newConnection = await response.json();
console.log('Created:', newConnection);

Security considerations

Section titled “Security considerations”

While Basic Authentication is convenient and secure when used properly, keep these best practices in mind:

✅ Do

Section titled “✅ Do”
  • HTTPS only - Reeflow APIs only accept HTTPS requests, ensuring your credentials are always encrypted in transit
  • Store credentials in environment variables - Never hardcode API keys in your source code
  • Use secure storage - Consider using secret management services like AWS Secrets Manager or Azure Key Vault
  • Rotate keys regularly - Generate new API keys periodically and update your applications
  • Monitor API key usage - Check the last_used_at field in your API keys to detect unauthorized usage

❌ Don’t

Section titled “❌ Don’t”
  • Don’t log Basic auth credentials - Ensure your logging doesn’t capture Authorization headers
  • Don’t commit credentials - Use .gitignore to exclude environment files from version control
  • Don’t share keys - Each service should have its own API key pair
  • Don’t use in untrusted environments - For maximum security in sensitive applications, consider HMAC Signature Mode

Troubleshooting

Section titled “Troubleshooting”

Common issues and their solutions:

ErrorPossible CauseSolution
401 Unauthorized: Invalid API keyWrong API key ID or key not foundVerify your API key ID and ensure the key exists in your Reeflow Console
401 Unauthorized: Invalid API key secretWrong secret in Basic auth credentialsCheck your API key secret and ensure it matches exactly
401 Unauthorized: Invalid Basic auth formatCredentials format is incorrectEnsure credentials are properly base64 encoded in format Basic {encoded_credentials}
403 Forbidden: API key is disabledAPI key has been disabledRe-enable the API key in your Reeflow Console
400 Bad Request: Multiple credentials providedBoth Authorization and X-API-Key headers sentUse only one authentication method per request

Next steps

Section titled “Next steps”
  • Ready for production? Consider upgrading to HMAC Signature Mode for enhanced security
  • Need help? Check the API Reference for complete endpoint documentation
  • Want to test? Use tools like Postman, Insomnia, or curl to experiment with the API

Basic Authentication gives you a fast path to integration while maintaining security through mandatory HTTPS encryption. When you’re ready to implement additional security layers, HMAC Signature Mode provides request signing, replay protection, and ensures your API secrets are never transmitted in requests.