Authentication

API Key Authentication

60db uses API key authentication to secure all API requests. Your API key should be included in the Authorization header of every request.

Getting Your API Key

Navigate to app.60db.com and log in

Access API Keys

Go to Settings → Developer → API Keys

Create Key

Click “Create API Key” and provide a descriptive name

Store Securely

Copy and store your API key in a secure location

Using Your API Key

With SDKs

JavaScript/TypeScript
Python

import { SixtyDBClient } from '@60db-own/60db-js';

const client = new SixtyDBClient('your-api-key');

You can also specify a custom base URL:

const client = new SixtyDBClient({
  apiKey: 'your-api-key',
  baseUrl: 'https://custom-api.60db.com'
});

from sixtydb import SixtyDBClient

client = SixtyDBClient('your-api-key')

You can also specify a custom base URL:

client = SixtyDBClient(
    api_key='your-api-key',
    base_url='https://custom-api.60db.com'
)

Direct API Calls

If you’re making direct HTTP requests, include your API key in the Authorization header:

curl https://api-dev.qcall.ai/tts/voices \
  -H "Authorization: Bearer your-api-key"

Security Best Practices

Never expose your API key in client-side code, public repositories, or version control systems.

Environment Variables

Store your API key in environment variables:

Node.js
Python

Create a .env file:

SIXTYDB_API_KEY=your-api-key

Use it in your code:

const client = new SixtyDBClient(process.env.SIXTYDB_API_KEY);

Create a .env file:

SIXTYDB_API_KEY=your-api-key

Use it in your code:

import os
from sixtydb import SixtyDBClient

client = SixtyDBClient(os.getenv('SIXTYDB_API_KEY'))

Key Rotation

Regularly rotate your API keys for enhanced security:

Create a new API key
Update your application to use the new key
Test that everything works correctly
Delete the old API key

Rate Limiting

API requests are rate-limited based on your subscription plan:

Plan	Requests per Minute	Requests per Day
Free	10	1,000
Starter	60	10,000
Pro	300	100,000
Enterprise	Custom	Custom

Rate limit headers are included in every API response:

X-RateLimit-Limit: Maximum requests allowed
X-RateLimit-Remaining: Remaining requests in current window
X-RateLimit-Reset: Time when the rate limit resets

Error Handling

When authentication fails, you’ll receive a 401 Unauthorized response:

{
  "error": "Unauthorized",
  "message": "Invalid API key"
}

Common authentication errors:

Status Code	Error	Description
401	Unauthorized	Invalid or missing API key
403	Forbidden	API key doesn’t have required permissions
429	Too Many Requests	Rate limit exceeded

Get Started

SDKs

Core Features

Authentication

API Key Authentication

Getting Your API Key

Using Your API Key

With SDKs

Direct API Calls

Security Best Practices

Environment Variables

Key Rotation

Rate Limiting

Error Handling

Get Started

SDKs

Core Features

​API Key Authentication

​Getting Your API Key

​Using Your API Key

​With SDKs

​Direct API Calls

​Security Best Practices

​Environment Variables

​Key Rotation

​Rate Limiting

​Error Handling

API Key Authentication

Getting Your API Key

Using Your API Key

With SDKs

Direct API Calls

Security Best Practices

Environment Variables

Key Rotation

Rate Limiting

Error Handling