Skip to main content

Security

Your API keys carry full privileges to your account. Be sure to keep them secure!
  • Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, or front-end applications.
  • Do not expose keys in browser scripts. All API requests should be made from your own secure server (backend).

How to Authenticate

The API uses the Bearer Authentication scheme. To authenticate a request, you must provide your API key in the Authorization header.

Header Format

All API requests must include the following header:
Replace sk_live_YOUR_API_KEY with your actual API key.Example Usage

Example Usage

The following examples demonstrate how to set the Authorization header in various environments.
cURL

Failed Authentication

If an API key is missing, malformed, or invalid, the API will respond with a 401 Unauthorized status code.
Status CodeMeaningReason
200 OKAuthenticatedThe API key is valid and the request was processed.
401 UnauthorizedInvalid KeyThe key is missing, incorrect, or has been revoked.