Authentication

All API requests require authentication via an API key passed as a Bearer token in the Authorization header.

API Keys

Create and manage API keys from your API Keys page in the dashboard. Keys are prefixed with sk_live_ and are tied to your organization.

Header Format

Include your API key in every request using the Authorization header:

Example Request

Key Scoping

API keys can be scoped to control access:

  • Organization-wide — access all collections in your organization.
  • Collection-specific — restrict access to one or more named collections. Requests to other collections return 403.

Authentication Errors

If the API key is missing or invalid, the API returns 401 Unauthorized:

If the key is valid but lacks access to the requested collection, the API returns 403 Forbidden.

Security Best Practices

  • Never expose API keys in client-side code or public repositories.
  • Use collection-scoped keys when possible to limit blast radius.
  • Rotate keys periodically and revoke unused keys.
  • Store keys in environment variables or a secrets manager.
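
The sketch below is an added example, not code from this API's own documentation or SDK. It shows a client that reads the key from an environment variable, sends it as a Bearer token, and treats 401 and 403 as separate failures so a scoping mistake is not confused with a bad key. The variable name EXAMPLE_API_KEY, the exception names, the redact helper and any URL passed to fetch are assumptions.

```python
import os
import urllib.error
import urllib.request

KEY_PREFIX = "sk_live_"          # prefix stated on this page
KEY_ENV_VAR = "EXAMPLE_API_KEY"  # assumed variable name, not from the docs


class AuthError(Exception):
    """401: key missing or invalid. Re-provision or rotate the key."""


class ScopeError(Exception):
    """403: key is valid but not scoped to the requested collection."""


def load_key(env=os.environ):
    """Read the key from the environment; never hard-code it in source."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key.startswith(KEY_PREFIX):
        raise AuthError(f"{KEY_ENV_VAR} is unset or lacks the {KEY_PREFIX} prefix")
    return key


def redact(key):
    """Form safe for logs: the prefix plus the last four characters."""
    return f"{KEY_PREFIX}...{key[-4:]}"


def auth_headers(key):
    """Authorization header in the Bearer format described above."""
    return {"Authorization": f"Bearer {key}"}


def fetch(url, key, timeout=10):
    """GET url with the Bearer key; map 401/403 to distinct exceptions."""
    req = urllib.request.Request(url, headers=auth_headers(key))
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise AuthError(f"401 for key {redact(key)}") from err
        if err.code == 403:
            raise ScopeError(f"403: {redact(key)} not scoped for {url}") from err
        raise
```

Error messages carry only the redacted form of the key, so they can be logged without leaking the secret.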