Skip to main content

Authentication

The WikiParfum API uses API key authentication. Every request must include the key in the Authorization header. 
Authorization: <YOUR_API_KEY>
The API key uniquely identifies your integration and controls access to the platform.

GraphQL endpoint

All interactions are performed through a single GraphQL endpoint: 
https://api.wikiparfum.com/graphql

Server-side execution only

All WikiParfum API requests must be executed server-side. Client-side execution from browsers or mobile applications is not allowed. The required communication pattern is: 
Client → Your backend → WikiParfum API

Why server-side only

Executing requests server-side ensures:
  • API keys remain confidential
  • Requests can be validated and controlled
  • Abuse and unauthorized usage are prevented
  • Recommendation logic remains protected

Storing and securing API keys

API keys must never be exposed in frontend code. Recommended storage methods:
  • Environment variables
  • Server-side secret managers
  • Encrypted configuration stores
Do not:
  • Embed API keys in JavaScript bundles
  • Commit API keys to source control
  • Expose API keys in network requests visible to the client
Your backend should act as the only gateway between your applications and the WikiParfum API.