GolflyAPI

Authentication

All API requests require an API key for authentication.

API Key Header

Include your API key in the x-api-key header with every request:

bash
curl "https://golfly.dev/api/v1/courses" \
  -H "x-api-key: gf_your_api_key"

Getting Your API Key

1

Create an account

Sign up at golfly.dev/signup

2

Access your dashboard

Your API key is displayed in the dashboard

3

Copy your key

Keys start with gf_

Security Best Practices

  • ⚠️Never expose your API key in client-side code — make API calls from your server
  • ⚠️Don't commit keys to version control — use environment variables
  • ⚠️Rotate keys if compromised — delete and create new keys in the dashboard

Using Environment Variables

Store your API key in an environment variable:

.env file:

bash
GOLFLY_API_KEY=gf_your_api_key

JavaScript/Node.js:

javascript
const apiKey = process.env.GOLFLY_API_KEY;

const response = await fetch('https://golfly.dev/api/v1/courses', {
  headers: { 'x-api-key': apiKey }
});

Python:

python
import os
import requests

api_key = os.environ.get('GOLFLY_API_KEY')

response = requests.get(
    'https://golfly.dev/api/v1/courses',
    headers={'x-api-key': api_key}
)

Authentication Errors

If authentication fails, you'll receive a 401 response:

json
{
  "error": "invalid_api_key",
  "message": "The API key provided is invalid or has been revoked.",
  "docs": "https://golfly.dev/docs/authentication"
}

See Error Handling for all error codes.