UniApplyForMe Data
Documentation

Authentication

All authenticated API endpoints require an API key passed via the X-API-Key header.

API Key format

All tokens follow this format:

uafm_live_<48-hex-character-string>   # Production token
uafm_sandbox_<48-hex-character-string> # Sandbox token

Sending the header

curl https://api.apply.org.za/v1/bursaries \
  -H "X-API-Key: uafm_live_your_token_here"

Error responses

401 UnauthorizedNo API key provided or key is invalid
403 ForbiddenAPI key lacks the required scope for this endpoint
429 Too Many RequestsRate limit exceeded — see rate limit headers

Keeping keys secure

  • Never expose your API key in client-side JavaScript or public repositories.
  • Use environment variables to store keys (e.g. UAFM_API_KEY).
  • Use sandbox tokens during development — they hit the same API but are rate-limited separately.
  • Rotate keys immediately if you suspect a compromise.