API Keys
All API endpoints accept an x-api-key header. Get your key from the dashboard under Kit Config → API Keys.
Keys are prefixed:
sk_live_ — production key
sk_test_ — test key (same API, isolated data)
Never expose your API key in client-side code or public repos. Use environment variables.
Session Cookies
The dashboard uses HTTP-only session cookies set by POST /v1/auth/login. Cookie auth is automatically used by browsers — no header needed.
Auth endpoints
GET /v1/auth/me
Error responses
Unauthenticated requests return 401:
Insufficient plan returns 403: