Authentication

Every /v1/* request requires an API key in the Authorization header. Keys are created from the dashboard.

Bearer token

Send your key as Authorization: Bearer rx_live_…. Treat keys like passwords — never commit them to git or paste them in client-side code.

Authorization: Bearer rx_live_abcdef0123456789...

What a key controls

Per-key expiry, per-key spend cap, and revocation are managed from /dashboard/keys.