Authentication guide

Overview

Security is paramount when working with aviation data. Notamify enforces robust authentication methods and industry-standard security practices to keep your information safe. This guide covers:

• Authentication methods

• Best practices for handling your API key

• SSL/TLS considerations

• Error handling for authentication failures

---

1. API Key Authentication

All requests to the Notamify API require an API key passed as a Bearer Token:

Authentication: Bearer YOUR_API_KEY

Tip: Make sure to only send your API requests over HTTPS.

---

2. API Key Security Best Practices

• Never hard-code your API key in public repositories.

• Rotate your API keys regularly, especially if there is any suspicion of compromise.

• Use environment variables or secure vaults (like HashiCorp Vault or AWS Secrets Manager) to store and retrieve keys at runtime.

• Enforce IP restrictions (Enterprise-level feature) to limit which IPs can use your keys.

---

3. SSL/TLS Requirements

All Notamify API endpoints are served exclusively over secure SSL/TLS connections (https). Requests made over unencrypted HTTP will fail automatically.

Note: If your system requires a custom certificate bundle or is behind a corporate proxy, ensure that all .crt or .pem files are up to date and correctly configured.

---

4. Handling Authentication Errors

If your request is missing the key or uses an invalid key, you will receive a 401 Unauthorized response. For example:

{
  "status": "error",
  "message": "Invalid or missing API key."
}

Troubleshooting Steps

• Verify you are using the correct key in the request header: Authentication: Bearer YOUR_API_KEY

• Ensure your key has not expired or been revoked.

• Contact Notamify Support if you continue to experience issues.