Authentication

Secure your API requests with API keys

API Key Authentication

The SeaLegs API uses API keys to authenticate requests. You can create and manage API keys from your dashboard.

Include your API key in the Authorization header of every request:

Authorization: Bearer sk_live_your_api_key_here

Keep Your API Keys Secure

  • Never share your API keys publicly
  • Don't commit API keys to version control
  • Use environment variables to store keys
  • Rotate keys periodically
  • Use different keys for development and production

API Key Format

API keys follow this format:

sk_live_xxxxxxxxxxxxxxxx   # Production key
sk_test_xxxxxxxxxxxxxxxx   # Test/sandbox key (coming soon)
Prefix Environment Description
sk_live_ Production Use in production applications. Charges credits.
sk_test_ Sandbox Use for testing. Returns mock data. (Coming soon)

Creating API Keys

To create a new API key:

  1. Log in to your developer dashboard
  2. Navigate to "API Keys"
  3. Click "Create New Key"
  4. Enter a descriptive name for your key
  5. Copy and securely store the key

One-Time Display

API keys are only displayed once when created. If you lose a key, you'll need to create a new one and revoke the old one.

Example Requests

# Using the Authorization header (recommended)
curl https://api.sealegs.ai/v3/spotcast/spc_abc123 \
  -H "Authorization: Bearer sk_live_your_api_key"
import requests
import os

# Store API key in environment variable
API_KEY = os.environ.get("SEALEGS_API_KEY")

response = requests.get(
    "https://api.sealegs.ai/v3/spotcast/spc_abc123",
    headers={
        "Authorization": f"Bearer {API_KEY}"
    }
)

print(response.json())
// Store API key in environment variable
const API_KEY = process.env.SEALEGS_API_KEY;

const response = await fetch(
  'https://api.sealegs.ai/v3/spotcast/spc_abc123',
  {
    headers: {
      'Authorization': `Bearer ${API_KEY}`
    }
  }
);

const data = await response.json();
console.log(data);

Authentication Errors

If authentication fails, you'll receive one of these errors:

Status Error Code Description
401 missing_api_key No API key was provided in the request
401 invalid_api_key The API key is invalid or has been revoked
403 key_suspended The API key has been suspended

Example error response:

{
  "error": {
    "code": "invalid_api_key",
    "message": "The API key provided is invalid or has been revoked."
  }
}

Key Management

Revoking Keys

If you believe a key has been compromised, revoke it immediately from your dashboard. Revoked keys will stop working instantly.

Multiple Keys

You can create multiple API keys for different purposes:

  • Separate keys for development and production
  • Different keys for different applications
  • Keys for different team members

Key Rotation

We recommend rotating your API keys periodically:

  1. Create a new API key
  2. Update your application to use the new key
  3. Verify the new key works correctly
  4. Revoke the old key

Security Best Practices

Use Environment Variables

Never hardcode API keys in your source code. Use environment variables or a secrets manager.

Restrict Key Scope

Create separate keys for different environments and applications with appropriate permissions.

Monitor Usage

Regularly check your API usage in the dashboard to detect any unusual activity.

Rotate Regularly

Rotate your API keys periodically, especially if team members leave or keys may have been exposed.