The Sandbox API use key-secret based authentication. Upon signup, you can generate an API key and Secret key through the dashboard. An API key is a public key to authenticate and authorize access and identify users when calling any Sandbox API. A Secret key is a private key to authenticate your access for the given API request. You can view and manage your API key & API secret in the Sandbox API Dashboard. We require all API calls to be made over HTTPS connections.
You can create a new API key for each project with different subscriptions and use them on multiple projects at once. You will be able to see separate subscriptions and analytics per API key.
Sandbox uses OAuth 2.0 to facilitate authentication and authorization on the APIs, an industry-standard framework for authentication and authorization. OAuth allows users to share their data without giving partner applications access to their login credentials. Users can then revoke access to their data at any time.
Do not expose your api secret by embedding it in a mobile app or a client side application. Do not expose the access token you obtain for a session to the public either.