Authentication - donate.gg

All Developer API endpoints require authentication via an API key passed as a request header, except for GET /openapi and GET /postman, which are publicly accessible.

API key header

Include your API key in every request using the donate-api-key header:

curl https://www.donate.gg/api/v1/charities \
  -H "donate-api-key: YOUR_API_KEY"

Never expose your API key in client-side code, public repositories, or anywhere it could be accessed by others. All API requests should be made server-side.

Error responses

If authentication fails, the API returns one of the following errors:

Status	Code	Description
`400`	`MISSING_API_KEY`	The `donate-api-key` header was not included in the request
`403`	`INVALID_API_KEY`	The provided API key does not match any developer account

Example error response:

{
  "error": "Missing API Key",
  "code": "MISSING_API_KEY"
}

Public endpoints

The following endpoints do not require the donate-api-key header:

Endpoint	Description
`GET /openapi`	OpenAPI 3.0.0 JSON spec
`GET /postman`	Postman collection (from OpenAPI)

Keeping your key secure

Store your API key in environment variables, never hardcoded
Do not commit it to version control
If your key is compromised, contact us at support@donate.gg to have it rotated

Don't have an API key yet?

Apply for API access

Getting Access Rate Limits

​API key header

​Error responses

​Public endpoints

​Keeping your key secure

Don't have an API key yet?

API key header

Error responses

Public endpoints

Keeping your key secure