Skip to main content
The Qonversion API uses Bearer token authentication. There are two types of keys:

Project Key

Used for standard API requests — retrieving users, properties, identities, entitlements, and creating purchases. Find your Project Key in Project settings in the Qonversion dashboard. 
curl --request GET \
  --url https://api.qonversion.io/v3/users/{id} \
  --header 'Authorization: Bearer PROJECT_KEY' \
  --header 'Content-Type: application/json'
All examples in this documentation use the Qonversion sample app Project Key (test_PV77YHL7qnGvsdmpTs7gimsxUvY-Znl2) for testing.

Secret Key

Used for advanced operations that modify user access — granting and revoking entitlements.
  • Prefixed with sk_
  • Found in Project settings in the Qonversion dashboard
The Secret API key should only be stored on your server. Never use your secret key in Android, iOS, or web apps.
curl --request POST \
  --url https://api.qonversion.io/v3/users/{user_id}/entitlements \
  --header 'Authorization: Bearer sk_YOUR_SECRET_KEY' \
  --header 'Content-Type: application/json' \
  --data '{"id": "plus", "expires": 1704067200}'

Which key to use?

EndpointKey Required
Retrieve / Create UsersProject Key
Retrieve / Create User PropertiesProject Key
Retrieve / Create IdentitiesProject Key
Retrieve EntitlementsProject Key
Grant EntitlementSecret Key
Revoke EntitlementSecret Key
Create PurchaseProject Key