Skip to main content
Trackyard uses API keys for authentication. Every request to the API must include a valid API key in the Authorization header.

Creating an API Key

1

Log in to your account

Go to app.trackyard.com and sign in.
2

Navigate to API Keys

Click API Keys in the dashboard or visit app.trackyard.com/api-keys.
3

Generate a new key

Click Create API Key, give it a descriptive name (e.g., “Production App” or “Testing”), and save the key immediately.
The key is shown only once. Copy it to a secure location immediately. If you lose it, you’ll need to generate a new one.

Using Your API Key

Include your API key in the Authorization header of every request using the Bearer token scheme: 
Authorization: Bearer your_api_key_here

Example Request

curl https://api.trackyard.com/api/external/v1/me \
  -H "Authorization: Bearer $TRACKYARD_API_KEY"

Security Best Practices

Never hardcode API keys in your source code. Use environment variables instead.
# .env file (add to .gitignore!)
TRACKYARD_API_KEY=your_api_key_here

# Python
import os
API_KEY = os.environ["TRACKYARD_API_KEY"]

// Node.js
const API_KEY = process.env.TRACKYARD_API_KEY;
Create distinct API keys for development, staging, and production environments. This allows you to:
  • Revoke a compromised key without affecting other environments
  • Monitor usage separately per environment
  • Enforce different rate limits if needed
Naming convention:
  • Production - Main App
  • Staging - Test Environment
  • Development - Local Testing
As a security best practice, rotate your API keys periodically (every 90 days recommended):
  1. Generate a new API key
  2. Update your application to use the new key
  3. Test that the new key works
  4. Revoke the old key
Future feature: Assign read-only or download-only permissions to specific keys for added security.

Managing API Keys

View All Keys

In your API Keys dashboard, you can see:
  • Key name — The label you assigned
  • Created date — When the key was generated
  • Last used — Most recent API call timestamp
  • Status — Active or revoked

Revoke a Key

If a key is compromised or no longer needed:
  1. Go to app.trackyard.com/api-keys
  2. Find the key in the list
  3. Click Revoke
  4. Confirm the action
Revoking a key is immediate and irreversible. All applications using that key will stop working instantly. Make sure you’ve updated your code to use a new key first.

API Key Metadata

Use the /me endpoint to check your key’s metadata: 
curl https://api.trackyard.com/api/external/v1/me \
  -H "Authorization: Bearer $TRACKYARD_API_KEY"
Response: 
{
  "tier": "free",
  "credits_remaining": 487,
  "monthly_allowance": 500,
  "rate_limit": {
    "requests_per_minute": 10,
    "requests_per_day": 1000
  },
  "created_at": "2026-01-15T10:30:00Z",
  "last_used_at": "2026-02-20T14:22:15Z"
}

Common Authentication Errors

Cause: Missing, invalid, or expired API key.Solutions:
  • Check that your key is correct (no extra spaces or characters)
  • Verify the Authorization: Bearer format
  • Ensure the key hasn’t been revoked
  • Generate a new key if needed
Cause: API key is valid but lacks permissions for the requested action.Solutions:
  • Check your account tier (some features require paid plans)
  • Verify you’re not trying to access admin-only endpoints

Next Steps

Rate Limits & Credits

Understand how credits and rate limits work

API Quickstart

Make your first API call