API Keys
All API endpoints accept an x-api-key header. Get your key from the dashboard under Kit Config → API Keys.
curl https://schedkit.net/v1/auth/me \
-H "x-api-key: sk_live_YOUR_KEY"
sk_live_ — production keysk_test_ — test key (same API, isolated data)
Never expose your API key in client-side code or public repos. Use environment variables.
Session Cookies
The dashboard uses HTTP-only session cookies set by POST /v1/auth/login. Cookie auth is automatically used by browsers — no header needed.
# Login and save cookie
curl -c cookies.txt -X POST https://schedkit.net/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"email":"you@example.com","password":"..."}'
# Use session cookie
curl -b cookies.txt https://schedkit.net/v1/auth/me
Auth endpoints
| Method | Path | Description |
|---|
POST | /v1/auth/login | Login, set session cookie |
POST | /v1/auth/logout | Logout, clear session |
GET | /v1/auth/me | Get current authenticated user |
GET /v1/auth/me
{
"id": 42,
"email": "you@example.com",
"name": "Your Name",
"slug": "yourname",
"plan": "starter",
"timezone": "America/Chicago"
}
Error responses
Unauthenticated requests return 401:
{ "error": "Unauthorized" }
403:
{ "error": "Upgrade required", "upgrade": true }
