🔑 API Key Header
Every request to the Sorsa API must include the ApiKey header. If the header is missing, invalid, or belongs to an account with no remaining credits, the API will return a 401 Unauthorized or 403 Forbidden error.
💡 Header Details:
Header Name: ApiKey (Case-sensitive)
Value: Your unique API key (e.g., b4cd****-****-****-****-********7fa2)
Example cURL Request:
Bash
🛠 Managing your API Keys
- Find your key: Go to the Overview page (your main dashboard). Your active API key is displayed there for quick access.
- Create or Delete keys: To generate a new key or revoke old ones, navigate to the API Keys section.
⚠️ Warning: If you delete a key or generate a new one to replace an old one, any applications using the old key will immediately receive 401 Unauthorized errors.
🛡 Security Best Practices
- Server-side only: Never call the Sorsa API directly from client-side code (browsers, mobile apps). Your API key will be exposed in the network tab.
- Environment Variables: Store your key in .env files and never commit them to public repositories (GitHub, GitLab).
- Key Rotation: If you accidentally leak your key, go to the API Keys tab, delete the compromised key, and create a new one.
❌ Troubleshooting
| Issue | Potential Cause |
|---|---|
| 401 Unauthorized | The ApiKey header is missing, misspelled, or the key has been deleted. |
| 403 Forbidden | Your key is valid, but your subscription has expired or credits are exhausted. |
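A server-side call that follows the practices and error table above, as an added example (not Sorsa's own code): it reads the key from an environment variable, sends it in the exact-case ApiKey header, and reports the documented 401 and 403 causes without logging the full key. The variable name SORSA_API_KEY, the helper names, and the caller-supplied URL are assumptions of this example; the page gives no endpoint.

```python
import http.client
import os
from urllib.parse import urlsplit

HEADER_NAME = "ApiKey"  # exact spelling from the page, documented as case-sensitive


class SorsaAuthError(Exception):
    """Key missing locally, or one of the two documented auth failures."""


def load_key(env=os.environ):
    # Assumption: SORSA_API_KEY is this example's variable name, not Sorsa's.
    key = env.get("SORSA_API_KEY", "").strip()
    if not key:
        raise SorsaAuthError("SORSA_API_KEY is not set; not sending the request")
    return key


def mask(key):
    # Log only the first and last 4 characters, like the masked sample above.
    return f"{key[:4]}****{key[-4:]}" if len(key) > 8 else "****"


def get(url, key, conn_factory=http.client.HTTPSConnection):
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("refusing to send the API key over a non-TLS URL")
    target = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    conn = conn_factory(parts.netloc, timeout=10)
    try:
        # http.client sends header names exactly as written. urllib.request
        # would capitalize the name to "Apikey", which a case-sensitive
        # check on the server side would not match.
        conn.request("GET", target, headers={HEADER_NAME: key})
        resp = conn.getresponse()
        status, body = resp.status, resp.read()
    finally:
        conn.close()
    if status == 401:
        raise SorsaAuthError(
            f"401: ApiKey header missing or misspelled, or key {mask(key)} was deleted")
    if status == 403:
        raise SorsaAuthError(
            f"403: key {mask(key)} is valid but subscription expired or credits exhausted")
    return status, body
```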
⏭ Next Steps
- Rate Limits — Learn how many requests you can make.
- Key Usage Info — Check your balance programmatically.
- API Reference — Explore all available endpoints.