Authentication
How to authenticate requests against your API.
How to authenticate requests against your API.
All API requests must include an API key. Send it as a Bearer token in the
Authorization header:
GET /things HTTP/1.1
Host: api.example.com
Authorization: Bearer sk_live_xxxSign in to your dashboard → Settings → API keys → Create key. Treat keys like passwords — never commit them to source control or expose them client-side.
Keys can be rotated at any time. Rotation invalidates the previous key immediately, so update your environment first, then rotate.
For finer-grained access (CI bots, read-only integrations), create a scoped key. Scoped keys can be limited to specific resources or operations.