Authentication
All API requests require an API key passed via the X-API-Key HTTP header.
Creating an API Key
- Sign in to your account at boxesnlines.com
- Navigate to the API Keys page
- Click Create New Key
- Give your key a descriptive name (e.g., "Production Server", "Dev Environment")
- Copy the full API key immediately
warning
The full API key is only displayed once at creation. Store it securely before closing the dialog.
API Key Format
API keys follow the format:
bnl_{prefix}_{secret}
bnl_- Fixed prefix identifying Boxes'n'Lines keys{prefix}- A short identifier visible in your dashboard{secret}- The secret portion (only shown once at creation time)
Using Your API Key
Include the X-API-Key header in every request:
curl "https://api.boxesnlines.com/geo/country/fromGps/40.7128,-74.0060" \
-H "X-API-Key: YOUR_API_KEY"
Managing API Keys
You can manage your API keys from the dashboard:
- Create new keys with optional names for easy identification
- List all your active keys (secrets are never shown again)
- Revoke keys that are no longer needed. Revoked keys stop working immediately and cannot be reactivated.
Security Best Practices
Never expose API keys in client-side code
API keys should only be used in server-side applications. Never include them in frontend JavaScript, mobile apps, or public repositories.
Best Practices
- Use environment variables to store API keys
- Use separate API keys for each environment (development, staging, production)
- Name your API keys descriptively so you know which service uses each one
- Rotate API keys periodically by creating a new key and revoking the old one
- Never commit API keys to version control
- Monitor usage in your dashboard to detect unusual activity