Step 1 — Register your app
Submit your details at /services/create. You receive three values: CLIENT_ID, CLIENT_SECRET, and CLIENT_SRVC. The secret is shown once and cannot be recovered. Store all three in your .env immediately.
Your .env file
CLIENT_ID=<your client id>
CLIENT_SECRET=<your client secret>
CLIENT_SRVC=<your service id>
KEY_DERIVATION_SALT=<provided by the API operator>What each value is
CLIENT_ID
A 32-character hex string. Sent as the x-client-id header on every request. Identifies your app to the server. Safe to use in server-side code.
Example: 9a21b790e94b414096a57ec4664acee3
CLIENT_SECRET
A 64-character hex string (32 bytes). Never sent in any request.Used locally to derive the JWE encryption key. Store only in .env — never commit to git. If lost: regenerate at /services/create.
Example: 04bd9e0cce6a48d234193ac1375...
CLIENT_SRVC
A 32-character hex string. Sent in every request body as the srvc field. Identifies which registered app is making the call. Used for log filtering.
Example: 26d457a0b2174e77b29995e3d63b9cd5
KEY_DERIVATION_SALT
Provided separately by the API operator. Combined with your CLIENT_SECRET to derive the encryption key. Without it, encryption will fail.
Lost your secret?
If you lose CLIENT_SECRET, go to /services/create and use Regenerate credentials. Enter your CLIENT_ID and registered email. A new secret is generated immediately. All requests using the old secret stop working instantly.