Overview

API Key and Authentication

To access the Tomba.io API, you must authenticate every request using a unique API key and secret. These credentials are required for all endpoints and ensure that your usage is tracked correctly.

🔒 Important: Your API key and secret identify your account keep them safe. Do not share them publicly or embed them in frontend code.

You can generate, regenerate, or revoke your API keys at any time from your API Keys 🔑 .

Required Authentication Headers

Include the following headers in every request:

Field	Header Name	Location
API Key	`X-Tomba-Key`	`header`
Secret	`X-Tomba-Secret`	`header`

Example usage in curl:

curl -X GET "https://api.tomba.io/v1/domain-search?domain=example.com" \
     -H "X-Tomba-Key: your_api_key" \
     -H "X-Tomba-Secret: your_secret_key"

bash

Dashboard Overview Error Handling

​Required Authentication Headers

Required Authentication Headers