Authentication
All external API endpoints require an API key passed in the X-API-Key header.
Obtaining an API Key
API keys are issued by an eTax Gateway administrator via the Admin Console at /admin. Keys follow the format sk_etax_<random>.
Using Your API Key
Include the key in every request:
curl https://dev-etax.siamprop.app/api/v1/documents \
-H "X-API-Key: sk_etax_your_key_here" \
-H "X-Idempotency-Key: idem-001" \
-H "Content-Type: application/json" \
-d '{ ... }'
Key Security
- Never share your API key or commit it to source control
- Store keys in environment variables or secrets managers
- If a key is compromised, ask an admin to revoke it and issue a new one
Idempotency Keys
Every POST request requires the X-Idempotency-Key header.
| Rule | Detail |
|---|---|
| Format | [a-zA-Z0-9._:-]{8,128} |
| Uniqueness | Must be unique per new request |
| Reuse | Reuse the same key to safely retry — returns the original response |
| Expiry | Keys expire after 24 hours |
Good key formats:
idem-2026-03-09T14:30:00-order-99
order-99-attempt-1
uuid-550e8400-e29b-41d4-a716-446655440000
Error Responses
| Scenario | HTTP | errorCode |
|---|---|---|
| Missing or invalid API key | 401 | UNAUTHORIZED |
| API key for wrong source | 401 | UNAUTHORIZED |
| Missing idempotency key | 422 | VALIDATION_ERROR |
| Malformed idempotency key | 422 | VALIDATION_ERROR |