To ensure secure communication, the Copyleaks API uses a two-part authentication model. Your permanent API Key is used to generate a temporary Access Token. This temporary token is then used to make all subsequent API requests, providing a robust layer of security.
The Authentication Process
The process involves exchanging your long-term key for a short-term token.
Your API Key
Your primary credential is your API Key. This key is unique to your account and, when paired with your account email address, is used to verify your identity. You can generate and manage your API keys at any time from the API Dashboard. If you don’t have an account, you can create one for free.
As this key is confidential, be sure to store it in a secure and private location.
Generating an Access Token
To make API calls, you must first exchange your API Key for an access_token. This is a security best practice that prevents your permanent key from being exposed with every request.
This exchange is done by making a single POST request to the login endpoint. This is the only time you need to use your API key directly.
The /login endpoint has a stricter rate limit (12 requests per 15 minutes) than other API endpoints. Reusing your access token is essential for efficiency and to prevent being rate-limited. HTTP
cURL
Python
JavaScript
Java
POST https://id.copyleaks.com/v3/account/login/api
Headers
Content-Type: application/json
Body
{
"email": "[email protected]",
"key": "00000000-0000-0000-0000-000000000000"
}
export COPYLEAKS_EMAIL="[email protected]"
export COPYLEAKS_API_KEY="your-api-key-here"
curl --request POST \
--url https://id.copyleaks.com/v3/account/login/api \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data "{
\"email\": \"${COPYLEAKS_EMAIL}\",
\"key\": \"${COPYLEAKS_API_KEY}\"
}"
from copyleaks.copyleaks import Copyleaks
EMAIL_ADDRESS = "[email protected]"
API_KEY = "your-api-key-here"
# Login to Copyleaks
auth_token = Copyleaks.login(EMAIL_ADDRESS, API_KEY)
print("Logged successfully!\nToken:", auth_token)
const { Copyleaks } = require("plagiarism-checker");
const EMAIL_ADDRESS = "[email protected]";
const API_KEY = "your-api-key-here";
const copyleaks = new Copyleaks();
// Login function
function loginToCopyleaks() {
return copyleaks.loginAsync(EMAIL_ADDRESS, API_KEY).then(
(loginResult) => {
console.log("Login successful!");
console.log("Access Token:", loginResult.access_token);
return loginResult;
},
(err) => {
console.error('Login failed:', err);
throw err;
}
);
}
loginToCopyleaks();
import com.copyleaks.sdk.api.Copyleaks;
String EMAIL_ADDRESS = "[email protected]";
String API_KEY = "00000000-0000-0000-0000-000000000000";
// Login to Copyleaks
try {
String authToken = Copyleaks.login(EMAIL_ADDRESS, API_KEY);
System.out.println("Logged successfully!\nToken: " + authToken);
} catch (CommandException e) {
System.out.println("Failed to login: " + e.getMessage());
System.exit(1);
}
Using the Access Token
Once the login request is successful, the API will return an access_token. This token must be sent with every subsequent API request in the Authorization header.
Header for API Requests:
Authorization: Bearer <YOUR_ACCESS_TOKEN>
Token Lifetime and Caching
The access_token is valid for 48 hours. To optimize performance and avoid unnecessary login requests, you should cache this token in your application and reuse it until it expires.
Security
Your API Key and Access Token are confidential and should be treated as passwords. Attackers who gain access to them can access your private information and perform actions on your behalf.
