TaigaTaiga

Authentication

How to authenticate requests to the Taiga Partner API.

All requests require a Bearer token in the Authorization header.

Authorization: Bearer tga_live_...

Include this header on every request. Requests without a valid key receive a 401 response:

{
  "error": "Invalid or missing API key"
}

Getting a key

  1. Sign in to the Partner Portal.
  2. Go to API Keys.
  3. Click New Key, add a label, and copy the key.

The full key is shown only once. If you lose it, revoke it and create a new one.

Key format

Keys use the format tga_live_ followed by 64 hex characters:

tga_live_49a37d09074fc6bec607f153c8a7d47a638646ff55d56a8e103165a02ab59b45

The first 16 characters (the prefix, e.g. tga_live_49a37d0) are visible in the portal so you can identify which key is which.

Multiple keys

You can create multiple keys per organization — useful for separating staging and production, or rotating keys without downtime:

  1. Create a new key in the portal.
  2. Update your backend to use the new key.
  3. Revoke the old key once traffic has migrated.

Key security

  • Never expose keys in client-side code or public repositories.
  • Store keys in environment variables or a secrets manager.
  • Rotate keys regularly — create a new key, migrate, then revoke the old one.
  • If a key is compromised, revoke it immediately in the portal and create a replacement.
  • Keys are hashed on our side — we cannot recover a lost key for you.

Scoping

API keys are scoped to your partner organization. A key can access all providers and sessions belonging to your organization, but cannot access other partners' data.

Quickstart

End-to-end integration in 3 API calls.

Onboard a Provider

Register a therapist and their practice before submitting sessions.

On this page

Getting a keyKey formatMultiple keysKey securityScoping