The TIDY API uses API Keys to authenticate requests. You can view and manage your API keys in the TIDY Website or Mobile App.
Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth. All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
To create an API key, simply log into your account, go to the "Developers" section, then the "API Keys" section, and tap the button to generate an API Key. These API keys are used as "bearer tokens".
Authentication to the API is performed via bearer authentication (also called token authentication) which is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.” In TIDY's case, the bearer token is your API key. The client must send this token in the Authorization header when making requests to protected resources:
Authorization: Bearer <your_api_key>