Authentication
All API requests require a valid API key passed via the Authorization header. Requests without
a valid key will receive a 401 Unauthorized response.
API Keys
API keys are associated with your account and provide access to your data. To obtain a key:
- Sign in to your account dashboard.
- Navigate to the API Keys section.
- Click Generate New Key.
- Copy and store your key securely - it will not be shown again.
Your API key will look like this:
sk_live_4eC39HqLyjWDarjtT1zdp7dcKeys are prefixed with sk_live_ for production and sk_test_ for test environments.
Test keys do not affect live data.
Request Headers
Pass your API key in the Authorization header using the Bearer scheme. Include
Content-Type: application/json on requests with a body.
curl -H "Authorization: Bearer sk_live_4eC39HqLyjWDarjtT1zdp7dc" \
-H "Content-Type: application/json" \
https://api.oscarrondon.com/v1/contentconst response = await fetch('https://api.oscarrondon.com/v1/content', {
headers: {
'Authorization': 'Bearer sk_live_4eC39HqLyjWDarjtT1zdp7dc',
'Content-Type': 'application/json'
}
});
const data = await response.json();import requests
headers = {
'Authorization': 'Bearer sk_live_4eC39HqLyjWDarjtT1zdp7dc',
'Content-Type': 'application/json'
}
response = requests.get('https://api.oscarrondon.com/v1/content', headers=headers)
data = response.json()Security Best Practices
Follow these guidelines to keep your API key secure:
- Never include API keys in client-side code or public repositories.
- Store keys in environment variables or a secrets manager, not in source files.
- Rotate keys regularly. If a key is compromised, revoke it immediately from the dashboard.
- Use HTTPS for all requests - the API does not accept plain HTTP connections.
- Restrict key permissions to only the operations your application requires.