The ClickTerm API uses App ID and App Key credentials for authentication. These are passed as HTTP headers on every request for authenticated endpoints.
Credentials
| Credential | Where to use | Security |
|---|
| App ID | Client SDK + API requests | Public — safe to use in frontend code |
| App Key | API requests only (server-side) | Secret — never expose in client-side code |
How to authenticate
Pass both credentials as HTTP headers:
curl -X GET \
-H "X-APP-ID: your_app_id" \
-H "X-APP-KEY: your_app_key" \
"https://api.clickterm.com/public-client/v1/clickwrap-templates"
Where to find your credentials
- Log in to the ClickTerm Dashboard
- Go to Integrations
- Click the gear icon on your integration
- Your App ID is displayed at the top
- Your App Key is shown once at creation — regenerate it if needed
Never expose your App Key in client-side code. The App Key is used
only for backend verification calls. The client SDK uses only the App ID.
Store the App Key safely — it won’t display again after creation, but can be
regenerated. Regenerating the key requires updating your backend configuration.
Regenerating the App Key
If your App Key is compromised or lost:
- Open the integration configuration in the dashboard
- Click Regenerate App Key
- Update the key in your backend code
After regeneration, the old key is immediately invalidated. All API calls
using the old key will return 401 Unauthorized.
Client SDK authentication
The client SDK (Web and Android) uses only the App ID for initialization:
ClicktermClient.initialize("YOUR_APP_ID");
