Generating REST API authentication keys
Each project requires a separate key to authenticate you. This means you don't need to tell the API which project you're referring to, or who you are. Anyone in possession of your key can act as your user account and with your project roles.
You can generate API keys from your Loco project dashboard. From the management view, expand the "Developer Tools" panel at the top-right and click the "API keys" link with the :key icon:
API keys provide read and write access to your project, so treat them as you would your password.
Avoid sharing your keys with colleagues or committing them into public or shared code repositories.
Note that the Loco API operates over SSL only.
If you need a key just for exporting translations, you should use a key with read only access. If anyone else has access to your deployment scripts this will prevent them having more privileged access to your project than they should.
The Loco dashboard provides you with both read only and full access keys. When downloading translations from the Loco interface it will use the read only key automatically.
To use your key with the API, you can send it as a query string
key parameter or as an Authentication header. See full details