Authentication
Issue an API key and send it as a Bearer token.
All requests require a key. Create one from the dashboard and pass it in the
Authorization header.
Authorization: Bearer mk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxCreating a key
Open Dashboard → API Keys and click Create key. Copy the value immediately; it is shown once and then hashed at rest.
Rotation
Keys do not expire automatically. Rotate by creating a new key, updating your clients, and revoking the old one.
Scoping
Each key is tied to a single project. A request uses the billing, rate limits and enabled features of the project the key belongs to.
Never expose keys client-side
Server-side only. In browser or mobile contexts, proxy through your own backend and pass only per-user, short-lived tokens to the client.