Authentication

All API requests require an API key. Keys are scoped to your organization and carry member-level permissions.

API key format

Keys start with the sk_ prefix:

sk_prod_a1b2c3d4e5f6...

You can create and manage keys from the API Keys page in your dashboard.

Passing your key

You can authenticate using either of these headers:

`x-api-key` header (recommended)

`Authorization: Bearer` header

Code examples

JavaScript (fetch)

Python (requests)

Error responses

401 — Missing or invalid key

Returned when no API key is provided, the key doesn't start with sk_, or the key is invalid.

{
  "error": "This endpoint requires API key authentication. Provide key via x-api-key header or Authorization: Bearer sk_*"
}

401 — Key disabled

Returned when the API key has been disabled in the dashboard.

{
  "error": "API key is disabled. Re-enable it from the dashboard."
}

403 — Account suspended

Returned when the account associated with the API key has been suspended.

{
  "error": "Your account has been suspended. API access is disabled."
}

403 — Organization not found

Returned when the organization linked to the API key no longer exists.

{
  "error": "The organization associated with this API key no longer exists"
}

429 — Rate limited

Returned when the API key has exceeded its rate limit.

{
  "error": "API key rate limit exceeded"
}

Security tips

Never commit keys to version control. Use environment variables or a secrets manager.

Rotate keys regularly. You can rotate keys from the dashboard without downtime — the old key stays active until you revoke it.

Use separate keys for development and production.

Revoke compromised keys immediately from the API Keys page.

API key format#

Passing your key#

x-api-key header (recommended)#

Authorization: Bearer header#

Code examples#

JavaScript (fetch)#

Python (requests)#

Error responses#

401 — Missing or invalid key#

401 — Key disabled#

403 — Account suspended#

403 — Organization not found#

429 — Rate limited#

Security tips#