Authentication

Sales Webhooks uses API keys to authenticate requests. API keys are tied to your account and should be kept secure.

API Key Format

All Sales Webhooks API keys follow a specific format:

lwa.sk_live_abcdef1234567890abcdef1234567890

Key components:

• lwa. - Required prefix for all API keys
• sk_live_ - Indicates a secret key for production use
• 32-character alphanumeric string - The unique key identifier

Getting Your API Key

1. Log into the Sales Webhooks Console
2. Navigate to Settings → API Keys
3. Click Create New Key
4. Give your key a descriptive name (e.g., "Production Server")
5. Copy the key immediately - it won't be shown again

Using Your API Key

Include your API key in the X-API-Key header of all API requests:

cURL Example

curl https://api.saleswebhooks.com/v1/subscriptions \
  -H "X-API-Key: lwa.sk_live_YOUR_API_KEY"

JavaScript (Node.js) Example

const response = await fetch('https://api.saleswebhooks.com/v1/subscriptions', {
  headers: {
    'X-API-Key': 'lwa.sk_live_YOUR_API_KEY',
    'Content-Type': 'application/json'
  }
});

Python Example

import requests

response = requests.get(
    'https://api.saleswebhooks.com/v1/subscriptions',
    headers={
        'X-API-Key': 'lwa.sk_live_YOUR_API_KEY'
    }
)

Ruby Example

require 'net/http'
require 'uri'

uri = URI('https://api.saleswebhooks.com/v1/subscriptions')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

request = Net::HTTP::Get.new(uri)
request['X-API-Key'] = 'lwa.sk_live_YOUR_API_KEY'

response = http.request(request)

API Key Security Best Practices

# .env file (don't commit this!)
SALESWEBHOOKS_API_KEY=lwa.sk_live_YOUR_API_KEY

# In your code
const apiKey = process.env.SALESWEBHOOKS_API_KEY;

Managing API Keys

Creating Additional Keys

You can create multiple API keys for different environments or services:

curl -X POST https://api.saleswebhooks.com/v1/account/api-keys \
  -H "X-API-Key: lwa.sk_live_YOUR_EXISTING_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Development Server"
  }'

Listing Your Keys

View all API keys associated with your account:

curl https://api.saleswebhooks.com/v1/account/api-keys \
  -H "X-API-Key: lwa.sk_live_YOUR_API_KEY"

Response includes key metadata (but not the actual keys):

{
  "keys": [
    {
      "id": "key_6Vw4Ig8Kl",
      "name": "Production Server",
      "last_used_at": "2025-01-20T09:30:00Z",
      "created_at": "2025-01-15T08:00:00Z"
    },
    {
      "id": "key_8Yx9Kj2Mn",
      "name": "Development",
      "last_used_at": null,
      "created_at": "2025-01-18T14:00:00Z"
    }
  ]
}

Deleting a Key

Remove API keys that are no longer needed:

curl -X DELETE https://api.saleswebhooks.com/v1/account/api-keys/key_8Yx9Kj2Mn \
  -H "X-API-Key: lwa.sk_live_YOUR_API_KEY"

Rate Limiting

API keys are subject to rate limiting to ensure fair usage:

• Default limit: 100 requests per 15-minute window
• Limit applies per API key, not per account
• Headers returned: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Example rate limit headers:

HTTP/1.1 200 OK
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1705749000

Authentication Errors

Missing API Key

{
  "error": "UNAUTHORIZED",
  "message": "Missing API key. Include your API key in the X-API-Key header.",
  "timestamp": "2025-01-20T10:30:00Z"
}

Invalid API Key

{
  "error": "UNAUTHORIZED",
  "message": "Invalid API key. Check that your key is correct and active.",
  "timestamp": "2025-01-20T10:30:00Z"
}

Incorrect Key Format

{
  "error": "UNAUTHORIZED",
  "message": "Invalid API key format. Keys must start with 'lwa.' prefix.",
  "timestamp": "2025-01-20T10:30:00Z"
}

Environment-Specific Keys

We recommend using separate API keys for different environments:

Need Help?

If you're having authentication issues:

• Verify your API key in the console
• Check our troubleshooting guide
• Contact support at support@saleswebhooks.com