Skip to main content

API key types

Every account has two types of API keys:
Secret keys (sk_) must never be exposed in client-side code, browser bundles, or public repositories.

Making authenticated requests

Pass your API key as a Bearer token in the Authorization header on every request.

Scopes

Keys are issued with one or more scopes. Requests that exceed the key’s scope receive 403 Forbidden.

Managing keys

Create, rotate, and revoke keys from the Settings → API Keys page in your dashboard, or via the API keys endpoint.

Errors