Sayify.pro / Docs
Docs

How to authenticate with the Sayify.pro API using API keys.

Authentication

Every API request must include your API key as a Bearer token in the Authorization header.

curl https://sayify.pro/api/v1/links/ \
 -H "Authorization: Bearer sk_live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789xyz"

Creating an API Key

  1. Open the sidebar and navigate to API Management.
  2. Click the + Create API Key button.
  3. Give the key a descriptive name (e.g. Production Server, CI Pipeline).
  4. Copy the key immediately — it is only shown once.

Key Card Anatomy

Once created, your key appears as a card showing:

Element What it does
Key name The label you assigned when creating the key.
Key display Dark panel showing the masked key. Click to reveal, to copy.
Created date When the key was generated.
Last used Relative timestamp of the most recent API call with this key.
Delete button Permanently revoke the key (takes effect immediately).

Stats Dashboard

At the top of the API Management page, you'll see a live stats bar:

Stat Description
Total API Keys Number of keys ever created.
Active Keys Keys that haven't been revoked.
API Calls (Today) Number of requests made today across all keys.

Key Format

sk_live_[40 random alphanumeric characters]
  • sk_live_ — Standard prefix for all production keys.
  • Keys are hashed in the database — the full plain-text key is only visible at creation.

Using Your API Key

cURL

curl https://sayify.pro/api/v1/links/ \
 -H "Authorization: Bearer sk_live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789xyz"

JavaScript

const response = await fetch("https://sayify.pro/api/v1/links/", {
 headers: {
 "Authorization": "Bearer sk_live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789xyz"
 }
});
const data = await response.json();

Python

import requests

response = requests.get(
 "https://sayify.pro/api/v1/links/",
 headers={"Authorization": "Bearer sk_live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789xyz"}
)
data = response.json()

Revoking Keys

Revoke compromised or unused keys:

  1. Go to API Management in the sidebar.
  2. Find the key card and click the delete button.
  3. Confirm the deletion — the key is immediately revoked.

[!WARNING]
Revocation is immediate. Any in-flight requests using the revoked key will fail.

Workspace Scope

API keys are scoped to a single workspace. A key created in Workspace A cannot access resources in Workspace B.

Security Best Practices

[!CAUTION]
API keys provide full access to your workspace data. Treat them like passwords.

  • Use environment variables — never hard-code keys in source code.
  • Never commit keys to version control — add them to .env and .gitignore.
  • Grant keys to services, not people — name them after the system that uses them.
  • Rotate keys periodically — especially after any team change.
  • Revoke unused keys immediately — reduce your attack surface.
  • Use HTTPS only — keys are transmitted in headers and must be encrypted in transit.

What's Next?

  • API Overview — Base URL, request format, pagination.
  • Endpoints — Full endpoint reference with payloads.
  • Errors — Error codes and retry strategy.
Was this page helpful?
Report an issue →