Securely authenticate all Dojah API calls by following this simple lifecycle: create your app, generate API keys, select environments, and sign each request with your credentials.

​
Create an App

  • Log in to the Dojah Dashboard and go to Developers β†’ Configuration β†’ My Apps.
  • Create a new app or edit the default one.
    • Enter an App Name;
    • Optionally add a logo and primary color if you’ll use widgets like EasyOnboard.
  • Each App has a unique App ID, this is required for all API calls.

​
API Keys

  • Once your app is created, you can generate public and private API keys.
  • Public Key: Meant for front-end usage (e.g. SDKs or widgets).
  • Private Key: Must remain confidential; used for authenticating server-side API calls.
  • Keys can be regenerated anytime from the dashboard.
Each app comes with two keys:
  • App ID: Public identifier used in API calls.
  • Secret Key: Private key for signing and securing requests.
Do not expose your Secret Key on the frontend or in public repositories. It should only be used server-side.

​
Environments

Dojah supports both sandbox and production environments:
EnvironmentBase URL
Sandboxhttps://sandbox.dojah.io
Productionhttps://api.dojah.io
πŸ“˜ Note
  • Always use HTTPS for all API requests.
  • Make sure you have created an app before sending any request.
  • Keep your Secret Key secureβ€”never share it or expose it publicly.

​
Authorization

For every API request, include your App ID and Secret Key in the request headers: 
x-api-key: YOUR_APP_ID
Authorization: Bearer YOUR_SECRET_KEY