Documentation
Authentication
Security Notice
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. Never share your API keys in public repositories or client-side code.
The Storylinez API uses API key authentication. To access protected endpoints, you must include both your API key and API secret in the headers of your requests.
Obtaining API Keys
To obtain API keys for the Storylinez platform, you need to:
- Log in to your Storylinez account dashboard
- Navigate to the Developer section
- Click on "API Keys" and then "Generate New API Key"
- Store both your API key and API secret securely - the secret will only be shown once
Using Your API Keys
Include both your API key and API secret in the headers of your requests as follows:
X-API-Key: api_your_generated_key X-API-Secret: your_generated_secretAPI Key Management
Your API keys grant direct access to your Storylinez account and resources, so they should be treated with care:
- You can generate multiple API keys for different applications or environments
- We recommend rotating your API keys periodically for enhanced security
- You can set permissions and access levels for each API key
Example Requests
curl -X GET \
'https://api.storylinez.com/v1/orgs/get_all' \
-H 'X-API-Key: api_your_generated_key' \
-H 'X-API-Secret: your_generated_secret'Error Responses
If authentication fails, you'll receive one of the following error responses:
Missing API Key
{
"error": "X-API-Key header is missing"
}Missing API Secret
{
"error": "X-API-Secret header is missing"
}Invalid API Key
{
"error": "Invalid API key or API key not found"
}Invalid API Secret
{
"error": "Invalid API secret"
}Unauthorized API Key
{
"error": "This API key is not authorized to access this resource"
}Best Practices
- Store keys securely: Never store API keys in client-side code, public repositories, or environment files that might be committed to source control.
- Use environment variables: Store your API keys as environment variables or in a secure vault service.
- Implement least privilege: Create API keys with only the permissions they need for their specific purpose.
- Rotate keys regularly: Create new API keys and deprecate old ones on a regular schedule.
- Monitor usage: Keep track of API key usage and investigate any unexpected patterns.
- Use HTTPS: Always use HTTPS to prevent key interception during transmission.