Bearer Token (Recommended)
API Key Header
API Key Format
| Environment | Prefix | Example |
|---|---|---|
| Staging | sk_staging_ | sk_staging_abc123def456... |
| Production | sk_live_ | sk_live_abc123def456... |
How It Works
- The API extracts your key from the
Authorizationorx-api-keyheader - The first 16 characters are used to look up your partner account
- The full key is verified against the stored hash using bcrypt
- Validated keys are cached for 5 minutes to reduce latency on subsequent requests
What Gets Attached
On successful authentication, the API attaches your partner context to the request. This includes your partner ID, fee configuration, and a data filter that scopes all queries to your account.Error Responses
401 — Missing or invalid API key
403 — Partner suspended