Developer guide

API authentication & keys

How AutoPostcode API authentication works. Create, rotate and secure API keys for UK postcode lookup — keep them server-side and scope them per environment.


Every AutoPostcode request is authenticated with an API key tied to your account. Treat keys as secrets.

Key best practices

  • Store keys in environment variables or a secret manager
  • Use separate keys for test and production
  • Proxy front-end requests through your server so the key stays hidden
  • Rotate keys periodically and revoke any that may have leaked
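
The proxy pattern from the list above, as an added example that is not AutoPostcode's own code: the server picks the key for the current environment, validates the postcode, calls the upstream API and returns only the result. The upstream URL, the "x-api-key" header and the environment variable names are placeholder assumptions; use the values shown in your dashboard.

```javascript
// Added example: server-side proxy logic so the browser never sees the API key.
// ASSUMPTIONS (not from the AutoPostcode docs): the upstream URL, the
// "x-api-key" header and the environment variable names are placeholders.
const UPSTREAM_URL = "https://api.example.invalid/lookup"; // placeholder
const POSTCODE_RE = /^[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}$/; // simplified UK format check

// Separate keys for test and production, read from the environment only.
function selectKey(env) {
  const name = env.APP_ENV === "production"
    ? "AUTOPOSTCODE_KEY_PROD"
    : "AUTOPOSTCODE_KEY_TEST";
  const key = env[name];
  if (!key) throw new Error(`missing ${name}`); // names the variable, never the value
  return key;
}

// Handles one browser request; returns only what is safe to send back.
async function proxyLookup(rawPostcode, env = process.env, fetchImpl = fetch) {
  const postcode = String(rawPostcode || "").trim().toUpperCase();
  if (!POSTCODE_RE.test(postcode)) {
    return { status: 400, body: { error: "invalid postcode" } };
  }
  let key;
  try {
    key = selectKey(env);
  } catch {
    return { status: 500, body: { error: "lookup unavailable" } };
  }
  try {
    const url = `${UPSTREAM_URL}?postcode=${encodeURIComponent(postcode)}`;
    const upstream = await fetchImpl(url, { headers: { "x-api-key": key } });
    if (!upstream.ok) {
      // Do not relay upstream error bodies or request details to the browser.
      return { status: 502, body: { error: "lookup failed" } };
    }
    return { status: 200, body: await upstream.json() };
  } catch {
    // Network errors can echo request details; return a generic message.
    return { status: 502, body: { error: "lookup failed" } };
  }
}
```

Mount proxyLookup behind whatever route your front end calls; the browser sends only the postcode and receives only the status and body.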

Managing keys

Create and revoke keys from your dashboard. For server integrations, see Node.js and PHP examples.

Next steps

Review rate limits and error handling, then go live using testing & sandbox.

Frequently asked questions

How do I authenticate API requests?

Pass your API key with each request as configured in your dashboard. Keep the key server-side and never embed it in public client code.

Can I rotate or revoke a key?

Yes — create, rotate and revoke keys from your dashboard. Use separate keys for test and production.

What happens if my key leaks?

Revoke it immediately and issue a new one. Restrict usage by environment and monitor your request logs.
