API Headers
A complete guide to the custom authentication and identification headers used by the SecuriX proxy.
The SecuriX proxy requires specific headers to identify your application and the user being proxied.
Required Headers
When making requests to the SecuriX proxy (e.g., https://proxy.securix.app/google/), these headers are mandatory. They allow SecuriX to identify your application and retrieve the correct vaulted tokens for the user.
| Header Name | Type | Description | Required? |
|---|---|---|---|
securix-api-key | String | Your unique SecuriX developer API key found in the SecuriX Dashboard. | Yes |
securix-entity-id | String | The unique ID of the user whose data you're accessing. This must match the entityId provided during the initial auth session creation. | Yes |
securix-agent-id | String | The unique ID of agent created in Securix Agents Page. | Yes |
Optional Headers
| Header Name | Type | Description |
|---|---|---|
X-SecuriX-Audit-Note | String | An optional human-readable note that will appear in the user's SecuriX portal for that specific request (e.g., "Summarizing Gmail inbox"). |
X-SecuriX-Strict-Mode | Boolean | If true, SecuriX will fail the request if any data-scrubbing rules are violated instead of just redacting sensitive fields. |
Example Header Configuration
GET /gmail/v1/users/me/messages HTTP/1.1
Host: gmail.api.securix.app
securix-api-key: sx_api_key_xyz_789
securix-entity-id: user_12345
securix-agent-id: gemini_vscode_1
X-SecuriX-Audit-Note: Summarizing recent emails for agent contextSecurity Best Practices
Store Keys Securely
Never expose your securix-api-key in client-side code (frontend). Use it only in your backend or through a secure environment variable.
Use Environment Variables
We recommend using standard naming conventions like SECURIX_API_KEY in your environment files (.env).
Rotate Keys
If you suspect your securix-api-key has been compromised, you can rotate it instantly from the Securix Dashboard.