Skip to main content

Getting Started

The GraphQL endpoint for all requests:


​ Our API authenticates requests using an API Key and User ID.

For each request, your User ID and API key must be sent as a base64-encoded string in the Authorization header. Curri uses HTTP Basic Auth​ headers.

Continue below for more info on authenticating your API requests.


Please treat your API Key as you would a password. We suggest storing it in a secure vault or environment variable to be used by your server. Do not expose your API key in client-side, customer-facing code.

Send base64-encoded User ID & API key in Authorization header

​ Simply base64-encode a string with your User ID and API Key joined with a colon (:). ​ Example header:

Authorization: `Basic ${base64encode(userId + ':' + apiKey)}`

Full NodeJS example:

const userID = `<YOUR USER ID>`
const apiKey = '<YOUR API KEY>'
const authToken = btoa(userId + ':' + apiKey)
const authHeader = 'Basic ' + authToken

fetch("", {
"headers": {
"accept": "application/json",
"authorization": authHeader,
"content-type": "application/json",
"body": JSON.stringify({
query: `
query {
currentUser {
variables: {
"method": "POST"

Paste the code above into the console of your web browser. If everything is configured correctly, you should see the Curri API returning both your user ID as well as your email address.

Common Authentication Pitfalls

  • You're using the API key directly in your headers and not a Base-64 encoded interpolation of your user ID + a colon + your API key
  • You're not targeting the correct URL (
  • Your authentication headers are not perfectly formatted (spaces and capitalization matter!)


Along with your API key, you will also receive a Sandbox key which will allow you to run through test deliveries.

No actual drivers will be assigned and no charges will be processed. None of the standard notifications will be sent (SMS, email).

Just replace your API key with the Sandbox key in the authentication step above.