Every Client is issued an API key. Every call you make to the Ablo API, must be authenticated with your API key. The API key should go in the x-api-key header.

Your usage will be tracked and you will be billed according to your API key usage so best practice would be to keep it secure only on your BE so that it's not exposed to the world. We recommend proxying calls to Ablo services through your own BE.