Authentication
Authenticate API requests with a bearer key from your dashboard.
API requests are authenticated with a secret key sent as a bearer token.
Get a key
Create and manage keys in your dashboard. A key looks like:
gck_live_8f2b1c9a4e7d6f3a0b5c8e1d2f4a6b9c
Treat it like a password — it grants full access to your account's conversions.
Send the key
Include it in the Authorization header on every request:
curl https://api.convertmepls.com/conversions/$JOB_ID \
-H "authorization: Bearer gck_live_..."
Rotating and revoking
If a key leaks, revoke it from the dashboard immediately and create a new one. Revocation takes effect right away. We recommend a separate key per environment (for example one for staging and one for production) so you can rotate them independently.
Errors
| Status | Meaning |
| --- | --- |
| 401 | Missing or malformed Authorization header |
| 403 | Key is valid but revoked or lacks access |
| 429 | Rate limit exceeded — slow down or upgrade your plan |