Every request authenticates with an API key in the Authorization header:
Authorization: Bearer fb_your_key_here
Managing keys
Create and revoke keys from API Keys in the dashboard. A few things to know:
- A key is shown once, at creation. Copy it then; we only ever store a hash, so it cannot be recovered.
- Create separate keys per app or environment so you can revoke one without touching the others.
- Revoking a key takes effect immediately.
Errors
A missing or invalid key returns 401 with a typed error body:
{
"error": {
"type": "auth",
"code": "invalid_key",
"message": "invalid API key",
"retryable": false,
"billable": false
}
}
Treat your key like a password. Never commit it to source control or expose it in client-side code. Set it as an
environment variable (for example FETCHBEAN_KEY).
