Secret Headers & Parameters

Pass secrets to your API implementation code.

RapidAPI allows you to add secret headers and/or query string parameters to API requests. The RapidAPI proxy adds these secrets to every request, but are hidden from the API consumers.


Tip: Uses for secret headers and parameters

If you already have API key generation for your API, you can use hidden parameters to authenticate your API requests. Create a single API key on your system for all requests coming from RapidAPI. You can then set that API key as a hidden header or parameter.

You could also use secret headers and parameters to set things like environment variable values that the API consumer would not know of or need to worry about.


Difference between secrets and other authentication methods

Header and query authentication are similar to secret headers and parameters, with one key difference. For header and query authentication, the API consumer must set the value of the header or query parameter. For secret headers and parameters, the API consumer doesn't even know about the secrets. The values are set by the RapidAPI proxy based on the values added when defining the API, as described below.

To add a secret header or parameter, open the Definition page for your API, click the API Specs tab and click the Settings tab. Scroll to the Secret Headers & Parameters section, as shown here.

In the Secret Headers and Parameters section, you can one or more name-value pairs, specify Header or Parameter in the Type column. Add an optional description to let others on the API provider team to know the purpose of the secret.

Here, we have added one secret header and one secret query string parameter.

Now when an API consumer calls an API endpoint, the header or query string parameter name-value pairs will be set by the RapidAPI proxy and will be available to the API's implementation code.

You can contact [email protected] for additional questions.

What’s Next