Authentication
Puga Trinicare uses Bearer Token authentication via JWT. All API requests must be made over HTTPS.
API Keys
You can manage your API keys in the developer dashboard. We provide two types of keys:
Publishable Key
Used in client-side applications (Flutter, React). Limited to public resources.
pk_test_...
Secret Key
Used for server-to-server communication. Never expose this key in client-side code.
sk_test_...
Request Format
Include your secret key in the Authorization header of every request.
curl -X GET https://api.pugatrinicare.com/v1/patients \
  -H "Authorization: Bearer YOUR_SECRET_KEY" \
  -H "Content-Type: application/json"
Security Best Practices
- Rotate your secret keys every 90 days.
- Use environment variables to store keys.
- Restrict IP addresses allowed to use your Secret Keys.
- Never commit your keys to version control systems like Git.
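
The following is an added example, not code from Puga Trinicare: it reads the secret key from an environment variable when building the request headers, and scans source text for secret-key-shaped strings before a commit. The variable name `PUGA_SECRET_KEY`, the function names and the assumed key character set after the `sk_test_` prefix are assumptions; the sample files are constructed.

```python
import os
import re

# Assumption: the page only documents the "sk_test_" prefix; the characters
# that follow are assumed to be alphanumeric, at least 8 of them.
SECRET_KEY_RE = re.compile(r"sk_test_[A-Za-z0-9]{8,}")
ENV_VAR = "PUGA_SECRET_KEY"  # hypothetical variable name


def auth_headers(env=os.environ):
    """Build request headers from a secret key held in the environment."""
    key = env.get(ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{ENV_VAR} is not set")
    if key.startswith("pk_"):
        # A publishable key is limited to public resources; fail early.
        raise RuntimeError("publishable key supplied where a secret key is required")
    return {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}


def find_committed_keys(files):
    """Return (path, line_no, redacted_match) for each secret-key-shaped string."""
    hits = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for m in SECRET_KEY_RE.finditer(line):
                # Redact so the scanner's own output does not leak the key.
                hits.append((path, line_no, m.group()[:12] + "..."))
    return hits


# Constructed sample input: path -> file contents.
SAMPLE_FILES = {
    "server/config.py": 'API_KEY = os.environ["PUGA_SECRET_KEY"]\n',
    "scripts/debug.sh": 'curl -H "Authorization: Bearer sk_test_EXAMPLEexample0000" ...\n',
    "web/app.js": 'const key = "pk_test_EXAMPLEexample0000";\n',
}

if __name__ == "__main__":
    for hit in find_committed_keys(SAMPLE_FILES):
        print("secret key in source:", *hit)
    print(auth_headers({ENV_VAR: "sk_test_EXAMPLEexample0000"}))
```

A non-empty result from `find_committed_keys` is the condition to fail a pre-commit hook or CI job on.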