Button uses your API key for API endpoint access. Additionally, certain endpoints are available through the SDK with a user session.

API keys are issued through the Button Dashboard. To locate your API key(s):

  • Head over to the Button Dashboard and log in using your Organization’s Button credentials.
  • Once logged in, click on your Organization’s drop down icon in the top right to navigate menu options. Select Organization Settings.
  • Within Organization Settings, scroll down to API Keys and select Generate Key.
  • Give your API Key a name and select Generate.
  • Copy the key generated and store it in your application’s secrets. This key is like a password for your account. You should ensure it is protected within your organization, and never share it publicly.

For requests that require an API key, Button expects the API key via Basic Auth.

The Authorization header field is constructed as follows:

  1. Add a colon to the end of the api key (e.g. apiKey + ":")
  2. Base64 encode the resulting string
  3. The authorization method and a space i.e. "Basic " is then put before the encoded string. (e.g. "Basic " + base64Encode(apiKey + ":"))


Warning: Keep your API Key Private

Only use your API Key from a server that you control. Do not embed your API Key in a mobile app or public webpage.