Skip to main content

Overview

The GameBoost API uses Bearer Token authentication to secure all API endpoints. You’ll need to include your API key in the Authorization header of every request.
All API requests must be made over HTTPS. Requests made over plain HTTP will fail.

Getting Your API Key

Your API key is available in the GameBoost Partner Dashboard. Follow these steps to retrieve it:
1

Log in to Partner Dashboard

Navigate to gameboost.com/dashboard and sign in with your partner account.
Not a partner yet? Go to jobs.gameboost.com and apply as a seller.
2

Access API Settings

From the dashboard, navigate to SettingsDevelopers in the left sidebar.
API Keys navigation in Partner Dashboard
3

Generate or View API Key

  • If you haven’t created an API key yet, click New API Key
  • Give your API key a descriptive name to help you identify it later.
  • By default, all API keys have full access to your account.
API Keys navigation in Partner Dashboard
Your API key will only be shown in full once during generation. Make sure to copy and store it securely.
4

Copy and Secure Your Key

Copy your API key and store it in a secure location such as:
  • Environment variables in your application
  • A secure secrets manager (1Password, AWS Secrets Manager, etc.)
  • Encrypted configuration files
Your API key is ready to use! You can now make authenticated requests to the GameBoost API.

Making Authenticated Requests

Include your API key in the Authorization header using the Bearer token scheme: 
curl -X GET 'https://api.gameboost.com/v2/orders' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json'
Store your API key in environment variables rather than hardcoding it in your source code. This improves security and makes it easier to manage keys across different environments.

Managing Your API Keys

Rotating API Keys

For security best practices, we recommend rotating your API keys periodically:
1

Generate a new API key

In the Partner Dashboard, click New API Key to create a second API key.
2

Update your applications

Gradually update your applications and services to use the new API key.
3

Revoke the old key

Once all services are using the new key, revoke the old key from the dashboard.
You can have up to 2 active API keys at once to facilitate smooth key rotation without downtime.

Revoking API Keys

If your API key is compromised or no longer needed, revoke it immediately:
1

Navigate to Developers Settings

Go to SettingsDevelopers in the Partner Dashboard.
2

Select the key to revoke

Find the API key you want to revoke in the list of active keys.
3

Click Delete

Click the Delete (trash icon) button next to the key and confirm the action.
Delete API Key
Revoking an API key is immediate and cannot be undone. All requests using the revoked key will fail immediately.
4

Generate a replacement

If needed, generate a new API key to replace the revoked one.
The old key has been revoked and can no longer be used to access the API.

Security Best Practices

  • Never commit API keys to version control
  • Use environment variables or secure secrets management services
  • Encrypt configuration files that contain API keys
  • Restrict access to API keys on a need-to-know basis
  • Always make API requests over HTTPS
  • Never send API keys over unencrypted connections
  • Validate SSL certificates in your API client
  • Rotate API keys every 90 days as a best practice
  • Immediately rotate keys if you suspect compromise
  • Use the dual-key system to enable zero-downtime rotation
  • Never share API keys between team members or applications
  • Be wary of phishing attempts asking for your API key
  • Never enter your API key on suspicious websites or third-party tools
  • Report any suspicious activity or unauthorized access immediately

Next Steps

Now that you’ve set up authentication, you’re ready to start making API requests:

API Responses

Learn about response formats and error handling

Rate Limiting

Understand rate limits and best practices

API Reference

Explore available endpoints and start building

Webhooks

Set up real-time event notifications