API Authentication
Authenticate Business API requests with a Bearer API key
Send the API key in the standard Authorization header:
Authorization: Bearer sk-your-api-keyKey practices
- Use API keys only from trusted server environments.
- Create separate keys for production, staging, and individual integrations.
- Revoke a key immediately when it may have been exposed.
- Do not include keys in URLs, logs, analytics events, screenshots, or support messages.
- A canceled Business subscription remains usable until its current paid period ends. Existing keys stop authorizing API requests after that date.
Missing, malformed, inactive, and invalid keys return HTTP 401. A valid key without an active Business subscription returns HTTP 403.