v1.0 • Lead Management
Secure your API requests with Bearer token authentication
Understanding the structure of API keys
sk-workspace_[random_string]sk-workspace_•••••••••••••••••••••••••••••••••••••••••••••••••Include the key in the Authorization header of every request
Authorization: Bearer sk-workspace_your_api_key_herecurl -X GET "https://your-domain.com/api/v1/leads" \
-H "Authorization: Bearer sk-workspace_your_api_key_here" \
-H "Content-Type: application/json"Keep your API keys safe and secure
Store keys in environment variables, not in code
# .env file
API_KEY=sk-workspace_your_api_key_here
# In your code
const apiKey = process.env.API_KEY;Never use API keys in frontend JavaScript, mobile apps, or any client-side code.
Generate new API keys periodically and update your applications.
Keep track of API key usage in your workspace dashboard.
1. Immediately delete the compromised key from your workspace
2. Generate a new API key
3. Update all applications using the old key
4. Monitor for any unauthorized usage
Common authentication error responses
{
"success": false,
"error": "Missing authorization header",
"code": "MISSING_AUTH_HEADER"
}{
"success": false,
"error": "Invalid API key",
"code": "INVALID_API_KEY"
}{
"success": false,
"error": "Malformed authorization header. Expected format: Bearer <token>",
"code": "MALFORMED_AUTH_HEADER"
}Now that you understand authentication, learn about rate limiting and explore the available API endpoints.