Sayify.pro / Docs
Docs / API Reference / Authentication

How to authenticate with the Sayify.pro API using API keys.

🔑 Authentication

Every API request must include your API key as a Bearer token in the Authorization header.

curl https://sayify.pro/api/v1/links/ \
  -H "Authorization: Bearer sk_live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789xyz"

🛠️ Creating an API Key

  1. Open the sidebar and navigate to API Management.
  2. Click the + Create API Key button.
  3. Give the key a descriptive name (e.g. Production Server, CI Pipeline).
  4. Copy the key immediately — it is only shown once.

Key Card Anatomy

Once created, your key appears as a card showing:

Element What it does
Key name The label you assigned when creating the key.
Key display Dark panel showing the masked key. Click 👁 to reveal, 📋 to copy.
Created date When the key was generated.
Last used Relative timestamp of the most recent API call with this key.
Delete button 🗑️ Permanently revoke the key (takes effect immediately).

Stats Dashboard

At the top of the API Management page, you'll see a live stats bar:

Stat Description
Total API Keys Number of keys ever created.
Active Keys Keys that haven't been revoked.
API Calls (Today) Number of requests made today across all keys.

🏷️ Key Format

sk_live_[40 random alphanumeric characters]
  • sk_live_ — Standard prefix for all production keys.
  • Keys are hashed in the database — the full plain-text key is only visible at creation.

🔒 Using Your API Key

cURL

curl https://sayify.pro/api/v1/links/ \
  -H "Authorization: Bearer sk_live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789xyz"

JavaScript

const response = await fetch("https://sayify.pro/api/v1/links/", {
  headers: {
    "Authorization": "Bearer sk_live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789xyz"
  }
});
const data = await response.json();

Python

import requests

response = requests.get(
    "https://sayify.pro/api/v1/links/",
    headers={"Authorization": "Bearer sk_live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789xyz"}
)
data = response.json()

🗑️ Revoking Keys

Revoke compromised or unused keys:

  1. Go to API Management in the sidebar.
  2. Find the key card and click the 🗑️ delete button.
  3. Confirm the deletion — the key is immediately revoked.

[!WARNING]
Revocation is immediate. Any in-flight requests using the revoked key will fail.

🏢 Workspace Scope

API keys are scoped to a single workspace. A key created in Workspace A cannot access resources in Workspace B.

🛡️ Security Best Practices

[!CAUTION]
API keys provide full access to your workspace data. Treat them like passwords.

  • Use environment variables — never hard-code keys in source code.
  • Never commit keys to version control — add them to .env and .gitignore.
  • Grant keys to services, not people — name them after the system that uses them.
  • Rotate keys periodically — especially after any team change.
  • Revoke unused keys immediately — reduce your attack surface.
  • Use HTTPS only — keys are transmitted in headers and must be encrypted in transit.

🎓 What's Next?

  • API Overview — Base URL, request format, pagination.
  • Endpoints — Full endpoint reference with payloads.
  • Errors — Error codes and retry strategy.
Was this page helpful?
Report an issue →