Authentication

The Pradeo Security API uses a two-key authentication system to secure all requests.

Authentication Method

All authenticated requests must include two headers:

• x-access-key: Your company's access key
• x-secret-key: Your personal secret key

Getting Your Credentials

Access Key

The access key can be retrieved from:

1. Navigate to the Company page
2. Go to the Access key management subtab
3. Copy your access key

The access key is shared across your organization and identifies your company.

Secret Key

The secret key is unique to your user account:

1. Click on your profile in the top right corner (profile drawer)
2. Generate or copy your secret key

The secret key is personal and should never be shared.

Making Authenticated Requests

curl -X GET "https://api.<tenant>.pradeo-security.com/v2/devices" \
  -H "x-access-key: YOUR_ACCESS_KEY" \
  -H "x-secret-key: YOUR_SECRET_KEY"

Security Best Practices

• Never commit your secret key to version control
• Store credentials securely (environment variables, secret managers)
• Use HTTPS for all API requests
• Generate a new secret key if yours is compromised
• Never share your secret key with others

Next Steps

• API Basics - Learn about API structure
• Quick Start - Make your first API call