Authentication

Learn how to authenticate your requests to the Slice API using API keys.

API Key Authentication

All API requests require authentication using a Bearer token

The Slice API uses API key authentication. Every request to the API must include your API key in the Authorization header.

Authentication Header

Authorization: Bearer sk_live_abc123...

Note: API keys start with sk_live_ for production keys or sk_test_ for test keys.

Getting Your API Key

Create and manage API keys from your dashboard

Steps:

  1. Log in to your dashboard
  2. Navigate to the API Keys section
  3. Click "Create API Key"
  4. Give your key a descriptive name (e.g., "Production Server")
  5. Optionally set an expiration date
  6. Copy the key immediately - it's only shown once!

Important: API keys are sensitive credentials. Store them securely and never commit them to version control. Use environment variables or secure secret management systems.

Using API Keys

Examples of authenticating requests

cURL Example

curl -X POST https://api.slice.example.com/api/v1/validate \
  -H "Authorization: Bearer sk_live_abc123..." \
  -H "Content-Type: application/json" \
  -d '{"userId": "user_123"}'

JavaScript/Node.js Example

const response = await fetch('https://api.slice.example.com/api/v1/validate', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.SLICE_API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ userId: 'user_123' }),
});

const data = await response.json();

Using the SDK

import { SliceClient } from '@sliceapi/sdk';

const client = new SliceClient(process.env.SLICE_API_KEY!);

// The SDK automatically includes the API key in all requests
const result = await client.validate.validate('user_123');

Security Best Practices

Keep your API keys secure

Do:

  • Store API keys in environment variables
  • Use different keys for development and production
  • Rotate keys periodically
  • Use secret management services (AWS Secrets Manager, HashiCorp Vault, etc.)
  • Set expiration dates on keys when possible
  • Monitor key usage in your dashboard

Don't:

  • Commit API keys to version control (Git, SVN, etc.)
  • Share keys in chat, email, or documentation
  • Hardcode keys in your source code
  • Use the same key for multiple applications
  • Leave keys in client-side code (browser, mobile apps)

If your API key is compromised: Immediately revoke it in your dashboard and create a new one. Monitor your audit logs for any suspicious activity.

API Key Management

Managing your API keys

Key Operations

  • Create: Generate new keys from your dashboard. Each key can have a name and optional expiration date.
  • View: See all your keys, their names, prefixes, and last used dates. Note that the full key is only shown once when created.
  • Revoke: Immediately invalidate a key if it's compromised or no longer needed. Revoked keys cannot be restored.
  • Monitor: Check when keys were last used and track their usage in audit logs.

See the API Keys documentation for detailed information on managing keys.

Authentication Errors

Common authentication error responses

401 Unauthorized

Returned when the API key is missing, invalid, or expired.

{
  "success": false,
  "error": "Unauthorized"
}

403 Forbidden

Returned when the API key is valid but doesn't have permission to access the resource.

{
  "success": false,
  "error": "Access denied"
}