Authentication
Authenticate each request with a Bearer token and the email of the user you are acting on behalf of.
Header
Authorization: Bearer YOUR_API_KEY USER_EMAILCreate user on first request (optional)
If the user does not exist, send this header to create the user automatically:
X-Create-User: trueSecurity
Keep API keys secret. Do not expose them in client‑side code. Route all production requests through your backend and load secrets from environment variables or a KMS.
- Treat API keys as secrets and rotate them periodically.
- Transmit over HTTPS only.
- Authenticate as a specific user via the
Authorizationheader shown above.