Authentication
API Keys
All API requests are authenticated with an API key.
http
Authorization: Bearer YOUR_API_KEYGetting Your API Key
- Open piifirewall.com/console
- Enter your email address and verify with the 6-digit code sent to you (OTP)
- Click 🔑 API Key Management → enter a key name and click Issue
- Copy the key — it is shown only once
Key Security
- Never commit API keys to source control
- Use environment variables:
PII_FIREWALL_API_KEY - Rotate keys immediately if compromised (console → Revoke)
.env Example
bash
# .env
PII_FIREWALL_API_KEY=pf_live_xxxxxxxxxxxxxxxxtypescript
import { PIIFirewall } from 'pii-firewall-sdk'
const firewall = new PIIFirewall({
apiKey: process.env.PII_FIREWALL_API_KEY!,
})Key Scopes
| Scope | Description |
|---|---|
read | detect, credits check |
write | mask, restore, all operations |
admin | manage keys, view usage logs |
Default keys have write scope. Restrict scope for read-only integrations.
Rotating Keys
To rotate a key without downtime:
- Issue a new key at piifirewall.com/console
- Update your environment variable
- Redeploy your service
- Revoke the old key
IP Allowlisting (Enterprise)
Enterprise plans can restrict API key usage to specific IP ranges. Contact enterprise@piifirewall.com.