View as Markdown

Authentication

All Proctorio API requests require authentication using an API key. Your API key identifies your integration and authorizes access to Proctorio services.

Getting an API Key

API keys are provisioned by your Proctorio account manager during integration setup. Each key is:

  • Tied to your organization's account
  • Scoped to specific regions (AU, CA, DE, EU, IN, JP, SA, SG, UK, US)
  • Enabled for the endpoints your integration requires

API Key Format

Your API key is composed of two parts:

api_key = {consumer_key}{MD5(secret)}
ComponentDescription
consumer_keyYour unique identifier (provided during setup)
secretYour secret key (provided during setup)
MD5(secret)The MD5 hash of your secret, in lowercase hexadecimal

Key Formats You May Receive

Depending on your integration setup, you may receive credentials in one of two formats:

Option 1: Full API Key — A single pre-computed string ready to use:

a1b2c3d4e5f67890a1b2c3d4e5f678906286c281a69bb4cd781276f71da08d53

Option 2: Consumer Key + Secret — Two separate values that you combine:

Consumer Key: a1b2c3d4e5f67890a1b2c3d4e5f67890
Secret:       12345678abcdef0012345678abcdef00

To compute the full API key from Option 2:

  1. Calculate the MD5 hash of your secret
  2. Concatenate: {consumer_key}{md5_hash}

Example: Computing the API Key

import hashlib

consumer_key = "a1b2c3d4e5f67890a1b2c3d4e5f67890"
secret = "12345678abcdef0012345678abcdef00"

# Compute MD5 hash of secret
md5_hash = hashlib.md5(secret.encode()).hexdigest()
# md5_hash = "6286c281a69bb4cd781276f71da08d53"

# Combine to form API key
api_key = consumer_key + md5_hash
# Result: a1b2c3d4e5f67890a1b2c3d4e5f678906286c281a69bb4cd781276f71da08d53
import { createHash } from 'crypto';

const consumerKey = 'a1b2c3d4e5f67890a1b2c3d4e5f67890';
const secret = '12345678abcdef0012345678abcdef00';

// Compute MD5 hash of secret
const md5Hash = createHash('md5').update(secret).digest('hex');
// md5Hash = "6286c281a69bb4cd781276f71da08d53"

// Combine to form API key
const apiKey = consumerKey + md5Hash;
// Result: a1b2c3d4e5f67890a1b2c3d4e5f678906286c281a69bb4cd781276f71da08d53

Using Your API Key

Include your API key in the api_key header of every request:

curl -X POST https://us1.proctorapi.com/v2/candidate/launch \
  -H "api_key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"launch_url": "https://..."}'

Header Format

HeaderValueRequired
api_keyYour API keyYes
Content-Typeapplication/jsonYes (for POST requests)

Regional Endpoints

Your API key is provisioned for specific regions. Use the regional endpoint that matches your key:

RegionBase URL
Australiahttps://au1.proctorapi.com
Canadahttps://ca1.proctorapi.com
Germanyhttps://de1.proctorapi.com
Europehttps://eu1.proctorapi.com
Indiahttps://in1.proctorapi.com
Japanhttps://jp1.proctorapi.com
South Africahttps://sa1.proctorapi.com
Singaporehttps://sg1.proctorapi.com
United Kingdomhttps://uk1.proctorapi.com
United Stateshttps://us1.proctorapi.com

Using the wrong region returns a 401 error with code 2155 - Incorrect region.

Error Responses

Authentication failures return 401 Unauthorized with one of these codes:

CodeMessageMeaning
2154Account not activeYour account is disabled or suspended
2155Incorrect regionAPI key is not valid for this regional endpoint
2655Invalid api_keyThe API key is missing, malformed, or revoked

Security Best Practices

  • Never expose your API key in client-side code, public repositories, or browser requests
  • Use environment variables to store keys in your server application
  • Rotate keys periodically by requesting a new key from your account manager
  • Use separate keys for development/staging and production environments
  • Monitor usage through your Proctorio dashboard for unexpected activity

Example: Environment Variable Usage

import os
import requests

API_KEY = os.environ.get('PROCTORIO_API_KEY')

response = requests.post(
    'https://us1.proctorapi.com/v2/candidate/launch',
    headers={
        'api_key': API_KEY,
        'Content-Type': 'application/json'
    },
    json={'launch_url': 'https://...'}
)
const API_KEY = process.env.PROCTORIO_API_KEY;

const response = await fetch('https://us1.proctorapi.com/v2/candidate/launch', {
  method: 'POST',
  headers: {
    'api_key': API_KEY,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ launch_url: 'https://...' })
});