To ensure secure communication, the Copyleaks API uses a two-part authentication model. Your permanent API Key is used to generate a temporary Access Token. This temporary token is then used to make all subsequent API requests, providing a robust layer of security.

The Authentication Process

The process involves exchanging your long-term key for a short-term token.

Your API Key

Your primary credential is your API Key. This key is unique to your account and, when paired with your account email address, is used to verify your identity. You can generate and manage your API keys at any time from the API Dashboard. If you don’t have an account, you can create one for free.

As this key is confidential, be sure to store it in a secure and private location.

Generating an Access Token

To make API calls, you must first exchange your API Key for an access_token. This is a security best practice that prevents your permanent key from being exposed with every request.

This exchange is done by making a single POST request to the login endpoint. This is the only time you need to use your API key directly.

Note

The /login endpoint has a stricter rate limit (12 requests per 15 minutes) than other API endpoints. Reusing your access token is essential for efficiency and to prevent being rate-limited.

The following examples show how to provide your email and API key to receive an access token.

HTTP

POST https://id.copyleaks.com/v3/account/login/api

Headers
Content-Type: application/json

Body
{
    "email": "[email protected]",
    "key": "00000000-0000-0000-0000-000000000000"
}

cURL

export COPYLEAKS_EMAIL="[email protected]"
export COPYLEAKS_API_KEY="your-api-key-here"

curl --request POST \
  --url https://id.copyleaks.com/v3/account/login/api \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data "{
    \"email\": \"${COPYLEAKS_EMAIL}\",
    \"key\": \"${COPYLEAKS_API_KEY}\"
  }"

Python

from copyleaks.copyleaks import Copyleaks

EMAIL_ADDRESS = "[email protected]"
API_KEY = "your-api-key-here"

# Login to Copyleaks
auth_token = Copyleaks.login(EMAIL_ADDRESS, API_KEY)
print("Logged successfully!\nToken:", auth_token)

JavaScript

const { Copyleaks } = require("plagiarism-checker");

const EMAIL_ADDRESS = "[email protected]";
const API_KEY = "your-api-key-here";
const copyleaks = new Copyleaks();

// Login function
function loginToCopyleaks() {
  return copyleaks.loginAsync(EMAIL_ADDRESS, API_KEY).then(
    (loginResult) => {
      console.log("Login successful!");
      console.log("Access Token:", loginResult.access_token);
      return loginResult;
    },
    (err) => {
      console.error('Login failed:', err);
      throw err;
    }
  );
}

loginToCopyleaks();

Java

import com.copyleaks.sdk.api.Copyleaks;

String EMAIL_ADDRESS = "[email protected]";
String API_KEY = "00000000-0000-0000-0000-000000000000";

// Login to Copyleaks
try {
    String authToken = Copyleaks.login(EMAIL_ADDRESS, API_KEY);
    System.out.println("Logged successfully!\nToken: " + authToken);
} catch (CommandException e) {
    System.out.println("Failed to login: " + e.getMessage());
    System.exit(1);
}

Using the Access Token

Once the login request is successful, the API will return an access_token. This token must be sent with every subsequent API request in the Authorization header.

Header for API Requests: Authorization: Bearer <YOUR_ACCESS_TOKEN>

Token Lifetime and Caching

The access_token is valid for 48 hours. To optimize performance and avoid unnecessary login requests, you should cache this token in your application and reuse it until it expires.

Security

Handle Credentials Carefully

Your API Key and Access Token are confidential and should be treated as passwords. Attackers who gain access to them can access your private information and perform actions on your behalf.