ReferenceConsumer
Authentication and API Keys
Understand how API keys work across subscriptions and how to keep them secure.
Last updated Apr 17, 2026
API key basics
ThailandAPI uses subscription-scoped API keys.
How keys work
- Keys belong to a subscription, not to a single team member.
- A single subscription can have multiple keys for different environments or services.
- Requests are billed and rate-limited against the subscription attached to the key.
Sending a key
Use the X-API-Key header in every request.
http
GET /your-endpoint HTTP/1.1
Host: api-slug.your-domain.example
X-API-Key: tap_live_xxxxxxxxxSecurity guidance
- Never expose production keys in frontend bundles.
- Rotate keys when a teammate leaves or a credential is shared too widely.
- Use different keys for local development, staging, and production.
Troubleshooting
401usually means the key is invalid, revoked, or missing.429usually means the subscription hit a rate or quota limit.- Billing and usage screens help you verify the active plan and remaining credits.
Related Docs
Continue with the next pages that support the same workflow.
GuideConsumer
Getting Started with ThailandAPI
Learn how to browse APIs, choose a plan, create keys, and make your first request.
Read more
GuideConsumer
Payment System Overview
A basic guide to subscriptions, billing periods, payment history, and common payment statuses.
Read more
FAQConsumer
Refunds and Billing Adjustments
A practical overview of when refunds may happen, how to review refund status, and what to prepare before contacting support.
Read more
FAQShared
When an API Shuts Down: Access and Refund Handling
What happens to subscriptions, API keys, billing cycles, and refund calculations when an API is shut down.
Read more