Authentication

All API requests require authentication via an API key passed in the Authorization header.

API Key format

Keys use the format sk_live_ followed by 32 random characters:

sk_live_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345

Using your key

Include the key in the Authorization header with the Bearer scheme:

curl -H "Authorization: Bearer sk_live_YOUR_KEY" \
  "https://api.emailclassifier.com/v1/[email protected]"

Key management

You can manage your API keys from the Dashboard:

• Create new keys with descriptive names (e.g., "Production", "Staging")
• Revoke keys that are compromised or no longer needed
• View key prefixes and last usage timestamps

Security best practices

| Do | Don't | |---|---| | Store keys in environment variables | Commit keys to source control | | Use different keys per environment | Share keys between applications | | Revoke unused keys | Log full API keys | | Rotate keys periodically | Expose keys in client-side code |

Key limits by plan

| Plan | Max API keys | |---|---| | Free | 1 | | Starter | 3 | | Growth | 5 | | Scale | 10 |

Error responses

If authentication fails, you'll receive a 401 Unauthorized response:

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  },
  "request_id": "req_abc123"
}