Authentication
The Orbit AI API uses API keys to authenticate requests. You can manage your API keys from your dashboard.
API Keys
There are two types of API keys:
sk_live_*: Live keys for production use. All requests affect real data.
sk_test_*: Test keys for development. Isolated from production data.
Using API Keys
Include your API key using either the Authorization header as a Bearer token, or the X-API-Key header:
Authorization: Bearer sk_live_your_api_key_here
# Or use the X-API-Key header:
X-API-Key: sk_live_your_api_key_here
Example request:
curl -X GET "https://api.orbitforms.ai/v1/forms" \
-H "Authorization: Bearer sk_live_your_api_key_here" \
-H "Content-Type: application/json"
# Alternative with X-API-Key header:
curl -X GET "https://api.orbitforms.ai/v1/forms" \
-H "X-API-Key: sk_live_your_api_key_here" \
-H "Content-Type: application/json"
OAuth 2.0
For third-party applications that need to access user data, use OAuth 2.0 with PKCE. OAuth access tokens use the orb_at_* prefix.
To build an OAuth app, visit the Developer Portal to register your application and obtain client credentials.
Security Best Practices
Keep keys secret
Never expose API keys in client-side code or public repositories.
Use environment variables
Store API keys in environment variables, not in code.
Rotate compromised keys
If a key is exposed, revoke it immediately and generate a new one.
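
A scanner for the key prefixes listed on this page, usable as a pre-commit hook or CI step to catch keys before they reach a repository. This is an added example, not Orbit AI's own code; the key-body pattern, the severity mapping and the ORBIT_API_KEY variable name are assumptions.

```python
import re
import sys

# Prefixes come from this page. The body pattern (16+ chars of [A-Za-z0-9_])
# is an assumption: the page does not document key length or alphabet.
KEY_RE = re.compile(r"\b(sk_live|sk_test|orb_at)_([A-Za-z0-9_]{16,})")
PLACEHOLDERS = {"your_api_key_here"}  # docs placeholder, not a real secret
# Severity is this example's choice: test keys are isolated from production data.
SEVERITY = {"sk_live": "critical", "orb_at": "critical", "sk_test": "warning"}

# Constructed sample input; the key bodies are fake.
SAMPLE = '''\
const apiKey = "sk_live_EXAMPLEkey0123456789";
ORBIT_API_KEY=sk_test_EXAMPLEkey9876543210
curl -H "X-API-Key: sk_live_your_api_key_here" https://api.orbitforms.ai/v1/forms
api_key = os.environ["ORBIT_API_KEY"]
'''


def redact(prefix, body):
    """Keep just enough of the key to find it in the dashboard and revoke it."""
    return f"{prefix}_{body[:4]}...{body[-2:]}"


def scan_text(path, text):
    """Return one finding per key-shaped string, never the full secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            prefix, body = match.groups()
            if body in PLACEHOLDERS:
                continue
            findings.append({
                "path": path,
                "line": lineno,
                "severity": SEVERITY[prefix],
                "key": redact(prefix, body),
            })
    return findings


if __name__ == "__main__":
    results = scan_text("sample.txt", SAMPLE)
    for f in results:
        print(f"{f['path']}:{f['line']}: {f['severity']}: {f['key']}")
    # Non-zero exit lets a pre-commit hook or CI job block the change.
    sys.exit(1 if any(f["severity"] == "critical" for f in results) else 0)
```

Findings carry only a redacted form of the key, so the scanner's own output can be logged without leaking the secret a second time.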
Authentication Errors
| Status | Meaning |
|---|---|
| 401 | Invalid or missing API key |
| 403 | API key lacks required permissions |