Authentication Guide - Eaze Customs

Overview

EazeCustoms uses API key-based authentication for securing all requests. Your API key is a unique identifier that proves your authorization to access the EazeCustoms platform.

Getting Your API Key

Complete the onboarding process
Our team will email you your credentials
Store your API key securely (never commit to version control)

Using Your API Key

Include your API key in the Authorization header of every request:

curl -X GET https://devapi.eazecustoms.com/staging/v1/declarations \
  -H "Authorization: Bearer your_api_key_here"

Best Practices

1. Keep Your Key Secure

Store API keys in environment variables, not in code
Use .env files for local development (add to .gitignore)
Rotate keys regularly in production

2. Environment Variables

# .env file (local development)
EAZECUSTOMS_API_KEY=sk_sandbox_abc123def456

# Never commit this file!

3. Implementation Examples

curl --request GET \
  --url https://devapi.eazecustoms.com/staging/v1/declarations \
  --header 'Authorization: Bearer $EAZECUSTOMS_API_KEY' \
  --header 'Content-Type: application/json'

import os
import requests

api_key = os.getenv('EAZECUSTOMS_API_KEY')

headers = {
    'Authorization': f'Bearer {api_key}',
    'Content-Type': 'application/json'
}

response = requests.get(
    'https://devapi.eazecustoms.com/staging/v1/declarations',
    headers=headers
)

const apiKey = process.env.EAZECUSTOMS_API_KEY;

const headers = {
  'Authorization': `Bearer ${apiKey}`,
  'Content-Type': 'application/json'
};

fetch('https://devapi.eazecustoms.com/staging/v1/declarations', {
  headers: headers
});

<?php
$apiKey = getenv('EAZECUSTOMS_API_KEY');

$headers = [
  'Authorization: Bearer ' . $apiKey,
  'Content-Type: application/json'
];

$ch = curl_init('https://devapi.eazecustoms.com/staging/v1/declarations');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);

package main

import (
  "net/http"
  "os"
)

func main() {
  apiKey := os.Getenv("EAZECUSTOMS_API_KEY")
  req, _ := http.NewRequest("GET", "https://devapi.eazecustoms.com/staging/v1/declarations", nil)
  req.Header.Set("Authorization", "Bearer "+apiKey)
  req.Header.Set("Content-Type", "application/json")
  http.DefaultClient.Do(req)
}

import java.net.HttpURLConnection;
import java.net.URL;

URL url = new URL("https://devapi.eazecustoms.com/staging/v1/declarations");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("GET");
connection.setRequestProperty("Authorization", "Bearer " + System.getenv("EAZECUSTOMS_API_KEY"));
connection.setRequestProperty("Content-Type", "application/json");
int responseCode = connection.getResponseCode();

require 'net/http'
require 'uri'

uri = URI('https://devapi.eazecustoms.com/staging/v1/declarations')
request = Net::HTTP::Get.new(uri)
request['Authorization'] = "Bearer #{ENV['EAZECUSTOMS_API_KEY']}"
request['Content-Type'] = 'application/json'

response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
  http.request(request)
end

Key Rotation

Regularly rotate your API keys to maintain security:

Generate a new API key from your dashboard
Update all applications to use the new key
Wait 24 hours to ensure all traffic has switched
Revoke the old key

Troubleshooting

Invalid API Key Error (HTTP 401)

{
  "error": "INVALID_CREDENTIALS",
  "message": "The API key provided is invalid or has expired"
}

Solution: Verify your API key is correct and hasn’t expired. Generate a new one if needed.

Unauthorized Error (HTTP 403)

{
  "error": "UNAUTHORIZED",
  "message": "You do not have permission to access this resource"
}

Solution: Ensure your account has been activated and your API key has the required permissions.

Security Headers

All requests should include:

Authorization: Bearer {api_key}
Content-Type: application/json
User-Agent: YourApp/1.0

Rate Limiting

API keys are subject to rate limits:

Sandbox: 100 requests/minute
Production: 1000 requests/hour

When you exceed the limit, you’ll receive a 429 response with a Retry-After header.

Support

For authentication issues or to rotate keys, contact our support team at support@eazecustoms.com

​Overview

​Getting Your API Key

​Using Your API Key

​Best Practices

​1. Keep Your Key Secure

​2. Environment Variables

​3. Implementation Examples

​Key Rotation

​Troubleshooting

​Invalid API Key Error (HTTP 401)

​Unauthorized Error (HTTP 403)

​Security Headers

​Rate Limiting

​Support