The Dots API uses a Basic token approach to authorize requests. When you perform an API request, you must inform the token created using your client_id and api_key.
Do not share your secret API keys in public places like Github or Gitlab since this opens space for malicious API calls.

Basic Token Format

The Basic token is a URL-safe Base64 encoding of a string that contains your client_id and optionally your api_key. Depending on whether your request comes from a server or the client side, the token will contain different information, as described in the following table.
OriginToken composition
Client sideBASE64_ENCODE({client_id}:)
Server sideBASE64_ENCODE({client_id}:{api_key})
You should include : after your client_id when generating the token from the client side.
Suppose your cliend_id = ABC123 and api_key = DEF456, you would have the following resulting tokens: 
BASE64_ENCODE(ABC123:) -> QUJDMTIzOg==
To authenticate your requests, you’ll send the token through the header of your request, following the structure presented below:
Header format
Authorization: Basic {token}

Dots Keys

When working with Dots, you have access to organization and App keys, which you will use in different scenarios to authenticate your requests to the Dots API.
Your organization and App keys change when you toggle between the Sandbox and Production environments. See the Environments page for more information. Therefore, if you’re changing from the Sandbox to the Production environment, remember to change the keys in your code.

App Keys

Dots enables you to create and use applications (Apps), which is helpful for multi-tenancy applications where you want to logically separate funds and users on your platform. Every new App has its own App Keys, which you can use to authenticate all operations related to that App.
See Basic Token Format to learn how to generate the token before sending your requests.
To access your App key, access the Dots dashboard, select the desired App through the sidebar selector, and then select API Management. Your App Key will be shown like exemplified below:
App keys

Organization Keys

Organization keys are used to authenticate Dots operations across all the applications in your organization. You can use them to create, update, and delete apps and act on behalf of Apps. When using organization keys to execute App operations, you must inform the organization key and the Api-App-Id to identify the App. The following code block presents how to use the organization key to create an App and send a payout.
You will always inform your authentication key in a token format when using the Dots API. See Basic Token Format on this page to learn how to generate the token before sending your requests.
curl --request POST \
--url https://api.dots.dev/api/v2/apps \
--header 'Authorization: Basic <token>' \
--header 'Content-Type: application/json' \
--data '{
  "name": "<app_name>",
}'
To access your organization keys, you can email info@dots.dev, or you can access the Dots dashboard, select Organization on the sidebar, and then select API Management, like exemplified below:
Organization keys
If you’re using the organization key to authenticate actions on an App’s behalf, you need to include the App’s ID with the Api-App-Id header in the request. The ID can be retrieved using the List All Apps endpoint or the Dashboard.