Authentication
Every Serplify API request is authenticated with an API key sent as a
Bearer token in the Authorization header.
Authorization: Bearer live_your_key_hereGetting a key
Section titled “Getting a key”- Sign in at app.serplify.io.
- Go to API keys.
- Create key — pick a label and
liveortestprefix. - Copy the key immediately. The plaintext is shown once and never again.
Keys are scoped to your account and share your account’s single prepaid balance. You can create multiple keys (e.g. per environment or per service) and revoke or reactivate any of them at any time.
Missing or invalid keys
Section titled “Missing or invalid keys”On the native /v1 API, an authentication failure returns a real HTTP status:
{ "error": { "code": "unauthorized", "message": "Missing or invalid API key." } }| Situation | HTTP | error.code |
|---|---|---|
No Authorization header | 401 | unauthorized |
| Unknown / revoked key | 401 | unauthorized |
| Balance too low for the request | 402 | insufficient_balance |
Keeping keys safe
Section titled “Keeping keys safe”- Never embed a
live_key in client-side code or a public repo. - Use
test_keys in development. - Revoke a key the moment it may have leaked — revocation is instant.