API Key Management
Create and manage your Travelyzer API credentials.
API Key Management
The Dashboard allows you to create and manage your API credentials to access Travelyzer Places API. This page explains the complete process, from creation to usage.
Understanding Credentials
Each API key includes three elements:
| Credential | Format | Visibility | Usage |
|---|---|---|---|
| Client ID | client_xxxxx | Always visible | Identifies your application |
| API Key | gck_xxxxxxxxxxxxxxxxxxxx | Always visible | Identifier for the token |
| API Secret | gcs_xxxxxxxxxxxxxxxxxxxxxxxx | Displayed once | Secret for the token |
Important: The API Secret is only displayed once during creation. Copy it immediately and store it in a safe place. If you lose it, you will need to regenerate a new secret.
Creating an API Key
Steps
- Go to Dashboard > API Keys
- Click "Create new key"
- Configure the key:
- Name: Descriptive identifier (e.g., "Production", "Mobile App", "Backend")
- Description: (Optional) Additional notes
- Click "Create"
- Copy immediately the API Key and API Secret
Creation Window
After creation, a window displays your credentials:
╭──────────────────────────────────────────────────────╮
│ ✅ API Key created successfully │
│ │
│ Client ID: │
│ client_mlxy7tuphn77ug │
│ │
│ API Key: │
│ gck_a1b2c3d4e5f6g7h8i9j0k1l2 │
│ │
│ API Secret: │
│ gcs_x1y2z3a4b5c6d7e8f9g0h1i2j3k4l5m6n7o8p9q0 │
│ │
│ ⚠️ Copy the secret now, it will not be shown │
│ again after closing this window. │
│ │
│ [Copy API Key] [Copy API Secret] [Close] │
╰──────────────────────────────────────────────────────╯
Using Your Credentials
Authentication Flow
1. Create credentials → Dashboard > API Keys
↓
2. Get JWT token → POST /api-clients/token
↓
3. Call the API → Authorization: Bearer <token>
Get a JWT Token
Use your credentials to obtain a token:
curl -X POST "https://api2.gotravelyzer.com/api-clients/token" \
-H "Content-Type: application/json" \
-d '{
"apiKey": "gck_your_api_key",
"apiSecret": "gcs_your_api_secret",
"expiresIn": "24h"
}'Response:
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expiresAt": "2026-02-24T12:00:00.000Z",
"clientId": "client_mlxy7tuphn77ug"
}Use the Token
curl "https://places.gotravelyzer.com/v1/geocoding/forward?query=Paris" \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."Managing Existing Keys
Key List
The table displays for each key:
| Column | Description |
|---|---|
| Name | Key identifier |
| Client ID | Unique ID (e.g., client_xxx) |
| API Key | Masked key (gck_****...) |
| Plan | Associated plan (Free, Starter, etc.) |
| Created | Creation date |
| Status | Active or Inactive |
Available Actions
| Action | Description |
|---|---|
| View stats | Key usage statistics |
| Edit | Change name or description |
| Regenerate secret | Create a new secret (invalidates the old one) |
| Delete | Permanent deletion |
Regenerating the Secret
If you think your secret has been compromised, or if you've lost it:
- Go to Dashboard > API Keys
- Click on the ⋮ (three dots) of the relevant key
- Select "Regenerate secret"
- Confirm the action
- Copy the new secret
Warning: After regeneration, the old secret is immediately invalidated. All tokens generated with the old secret remain valid until they expire.
Statistics by Key
For each key, access detailed statistics:
Available Metrics
| Metric | Description |
|---|---|
| Total requests | Total number of requests |
| Requests this month | Monthly quota usage |
| Success rate | Percentage of successful requests |
| Average latency | Average response time |
Distribution by Endpoint
/v1/geocoding/forward ████████████████████ 85%
/v1/geocoding/reverse ███ 10%
/v1/geocoding/autocomplete █ 4%
/v1/geocoding/batch ▌ 1%
Usage Graph
Visualize usage over 7, 30, or 90 days.
Key Rotation
Why Rotate?
- Security: Limit the impact of a compromised key
- Compliance: Meet security policies
- Best practices: Regular rotation recommended (every 90 days)
Rotation Process
- Create a new key with a temporary name (e.g., "Production-v2")
- Update your applications with the new credentials
- Verify that the new key works correctly
- Delete the old key once migration is confirmed
- Rename the new key if necessary
Best Practices
Secret Security
Never commit your credentials in source code or Git repository.
# .env (do not commit this file)
TRAVELYZER_API_KEY=gck_your_api_key
TRAVELYZER_API_SECRET=gcs_your_api_secret# .gitignore
.env
.env.local
.env.production
*.secretOne Key per Environment
| Environment | Suggested Name |
|---|---|
| Local development | dev-local |
| CI/CD | ci-tests |
| Staging | staging |
| Production | production |
Descriptive Naming
Use clear names to easily identify your keys:
- ✅
production-backend-v1 - ✅
mobile-app-ios - ✅
staging-frontend - ❌
test123 - ❌
my_key
Limits by Plan
| Plan | Max API Keys |
|---|---|
| Free | 2 |
| Pay as you go | 5 |
| Starter | 10 |
| Growth | 25 |
| Enterprise | Unlimited |
Frequently Asked Questions
I lost my API Secret, what should I do?
Use the "Regenerate secret" function in the Dashboard. A new secret will be generated and the old one will be invalidated.
Can I have multiple keys?
Yes, you can create multiple keys according to your plan. It's recommended to separate environments (dev, staging, production).
How long does a JWT token last?
By default, 1 hour. You can configure the duration when generating the token (expiresIn: "1h", "24h", "7d", "30d").
Can a key be shared between multiple applications?
Technically yes, but it's not recommended. Use a distinct key per application to:
- Isolate statistics
- Facilitate rotation
- Limit the impact of a compromise