Authentication

Bearer token auth

Send your API key in the Authorization header:

Authorization: Bearer <API_KEY>

All /v1/* endpoints require this header.

In self-hosted setups, any key stored in accounts.api_key is accepted.

{
  "error": {
    "code": "unauthorized",
    "message": "Missing or invalid Authorization header"
  }
}

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key"
  }
}

⌘I