Skip to main content
All Triqai API requests require authentication using an API key. This guide covers how to obtain, use, and manage your API keys securely.

API Key Overview

Triqai uses API keys to authenticate requests. Each key is associated with an organization and determines:
  • Access permissions: Which endpoints you can access
  • Rate limits: How many requests you can make per minute
  • Credit usage: Which organization’s credits are consumed

Key Formats

Triqai API key format is as follows: triq_xxxxx...

Getting Your API Key

1

Sign in to your account

Go to triqai.com/login and sign in.
2

Navigate to API Keys

In your dashboard, find the API Keys section.
3

Copy your key

Copy your API key. You can generate additional keys if needed.

Using Your API Key

Include your API key in the X-API-Key header with every request: 
curl -X POST https://api.triqai.com/v1/transactions/enrich \
  -H "Content-Type: application/json" \
  -H "X-API-Key: triq_your_api_key_here" \
  -d '{"title": "STARBUCKS NYC", "country": "US", "type": "expense"}'

Authentication Errors

If authentication fails, you’ll receive a 401 Unauthorized response: 
{
  "success": false,
  "error": {
    "code": "authentication_error",
    "message": "Invalid or missing API key"
  },
  "meta": {
    "generatedAt": "2026-01-19T10:30:00Z",
    "requestId": "3c90c3cc-0d44-4b50-8888-8dd25736052a123",
    "version": "1.0.0"
  }
}

Common Authentication Issues

ErrorCauseSolution
Missing API keyNo X-API-Key header providedAdd the header to your request
Invalid API keyKey doesn’t exist or is malformedCheck for typos; regenerate if needed
Revoked API keyKey has been revokedGenerate a new key in the dashboard
Invalid formatKey doesn’t match expected patternEnsure key starts with triq_

Security Best Practices

Never expose your API key in client-side code, public repositories, or logs.

Do’s

  • Store API keys in environment variables
  • Use server-side code to make API requests
  • Rotate keys periodically
  • Use separate keys for development and production
  • Monitor API usage in your dashboard

Don’ts

  • Commit API keys to version control
  • Include keys in client-side JavaScript
  • Share keys via insecure channels
  • Use production keys for testing

Environment Variables

Store your API key in environment variables:
.env
TRIQAI_API_KEY=triq_your_api_key_here
Then access it in your code: 
const apiKey = process.env.TRIQAI_API_KEY;

Managing API Keys

Rotating Keys

If you suspect a key has been compromised:
  1. Generate a new key in your dashboard
  2. Update your application to use the new key
  3. Revoke the old key once the new one is active

Multiple Keys

You can create multiple API keys for different purposes:
  • Production key: For your live application
  • Development key: For local development
  • CI/CD key: For automated testing pipelines
  • Partner keys: For third-party integrations

Organization Context

API keys are scoped to organizations:
  • Each key belongs to exactly one organization
  • All requests authenticated with a key are attributed to that organization
  • Credits are deducted from the organization’s balance
  • Rate limits are applied per organization

Next Steps

Rate Limits

Understand request limits per plan

Credits

Learn how credit consumption works