Skip to main content

API Keys

All API endpoints accept an x-api-key header. Get your key from the dashboard under Kit Config → API Keys.
Keys are prefixed:
  • sk_live_ — production key
  • sk_test_ — test key (same API, isolated data)
Never expose your API key in client-side code or public repos. Use environment variables.

Session Cookies

The dashboard uses HTTP-only session cookies set by POST /v1/auth/login. Cookie auth is automatically used by browsers — no header needed.

Auth endpoints

GET /v1/auth/me

Error responses

Unauthenticated requests return 401:
Insufficient plan returns 403: