API Key Configuration

Issue and manage secure API keys for programmatic access.

API keys are the recommended way to integrate Spindle into backend services, automation pipelines, and product workflows.

Key Basics

• Keys are created per team.
• Keys begin with sk_live_.
• Each key can be revoked at any time.
• Treat keys like passwords: never expose them in client-side code or public repos.

Creating a Key

1. Open Settings → API Keys.
2. Choose the team the key should belong to.
3. Name the key so it is easy to identify later.
4. Copy it immediately and store it in your secrets manager.

Using a Key

Use either the Authorization header or x-api-key header.

curl -X POST "https://api.yourdomain.com/v1/extract" \
  -H "Authorization: Bearer sk_live_your_api_key" \
  -H "x-team-id: your_team_id" \
  -H "Content-Type: application/json" \
  -d '{ "url": "https://example.com", "format": "json" }'

Recommended Practices

• Create separate keys for production, staging, and local testing.
• Rotate keys periodically.
• Revoke keys immediately if they are exposed.
• Scope operational ownership by team instead of sharing one key across the whole company.

Troubleshooting

• 401 Unauthorized: the key is invalid, missing, or revoked.
• 403 Forbidden: the key does not have permission for that action.
• 429 Too Many Requests: your team has hit a plan limit or rate limit.

API Documentation

For endpoint details, request schemas, and response examples, see the API Reference.