Skip to content

Authentication

Every request to the eSIM Go API must include your API key. This guide explains how to generate your key, use it in requests, and what to expect if authentication fails.

Your API key

Each eSIM Go organisation has a single API key. For security reasons, the key is not displayed after generation — you must regenerate it to obtain a new value. Regenerating invalidates the previous key immediately.

Generating your API key

  1. Log in to the eSIM Go Portal
  2. Navigate to Account Settings → API Details
  3. Click Regenerate API Key and confirm

Your new key is displayed once. Copy it immediately — it will not be shown again. An email notification is sent to all users on your account when the key is regenerated.

Making authenticated requests

Include your API key in the X-API-Key header on every request:

Terminal window
curl https://api.esim-go.com/v2.5/catalogue \
-H 'X-API-Key: your-api-key-here'

The header name is case-insensitive — x-api-key and X-API-KEY are both accepted.

Authentication errors

A missing or invalid API key returns 403 Forbidden:

{
"message": "Forbidden"
}

Security best practices

  • Store your API key as an environment variable — never hardcode it
  • Rotate your key immediately if you suspect it has been exposed
  • Use IP whitelisting to restrict which systems can use your key