Documentation
Product Analytics
Authentication

Authentication

Altertable Product Analytics uses API keys for both SDKs and direct API requests. Every request is scoped to the organization that owns the key.

These keys are ingestion keys: they let your application send events and identity updates, but they do not grant access to read historical analytics data or administer your workspace.

How authentication works

You use the same Product Analytics API key across:

  • client-side SDK initialization
  • server-side SDK initialization
  • direct HTTP calls to endpoints such as /track, /identify, and /alias

The key identifies the destination organization, while the environment field in the payload determines which environment the event or identity should be written to.

Get an API key

  1. Open Product Analytics in the Altertable dashboard.
  2. Open API Keys.
  3. Copy an existing key or create a new one for the environment you need.

Use separate keys for development, staging, and production.

SDK authentication examples

Initialize your SDK once with the API key for the current environment:

import { altertable } from '@altertable/altertable-js';


altertable.init('YOUR_API_KEY', {
  environment: 'production',
});

Direct API authentication

For direct HTTP requests to POST /track, POST /identify, and POST /alias, use the same Product Analytics API key as your SDKs.

Method
How to send it
Notes
X-API-Key header
X-API-Key: YOUR_API_KEY
Recommended for server-to-server requests.
Authorization header
Authorization: Bearer YOUR_API_KEY
Equivalent to X-API-Key; useful when your client already uses Bearer auth patterns.
Query parameter
?apiKey=YOUR_API_KEY
Supported, but less preferred than headers because query strings are easier to leak into logs.

Header-based authentication is preferred because it is less likely to leak into logs and monitoring tools than query parameters.

Example using X-API-Key:

curl -X POST "https://api.altertable.ai/track?sync=true" \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "environment":"production",
    "event":"Button Clicked",
    "properties":{"page":"pricing"}
  }'

Equivalent example using Authorization: Bearer:

curl -X POST https://api.altertable.ai/track \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "environment":"production",
    "event":"Button Clicked",
    "properties":{"page":"pricing"}
  }'

Security guidance

  • API keys are ingestion keys for product events and user identification. They cannot read historical analytics data or modify existing records.
  • Prefer sending keys in headers. Use the query parameter form only when a header is not practical.

Next steps

Crafted with <3 by former Algolia × Front × Sorare builders© 2026 AltertableTermsPrivacySecurityCookies