Authentication
All SyncToScale API requests require authentication using a project API key. Keys identify your workspace and control access to workflows and integrations.
POST: Authenticated requests
GET: Authorized data access
Using your API key
Send your API key as a bearer token in the Authorization header with every request. Keys should be kept server-side and rotated regularly.
Authorization: Bearer <project_token>
Content-Type: application/json
Invalid or missing credentials
Requests with missing, expired, or invalid tokens will return a 401 Unauthorized response.
{
  "error": "unauthorized",
  "message": "Invalid or missing API token"
}
Security best practices
- Never expose API keys in client-side code
- Rotate keys if they are accidentally shared
- Use environment variables to store secrets
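A server-side client that follows the practices above, as an added example that is not SyncToScale's own code: it reads the key from an environment variable, sends it as a bearer token, keeps the token out of log output, and surfaces the documented 401 body as an exception. The variable name `SYNCTOSCALE_API_KEY`, the base URL and the helper names are assumptions.

```python
import json
import os
import urllib.error
import urllib.request

# Assumed names, not from the SyncToScale docs: env var and base URL.
API_KEY_ENV = "SYNCTOSCALE_API_KEY"
BASE_URL = "https://api.example.invalid"


class UnauthorizedError(Exception):
    """Raised when the API answers 401 Unauthorized."""


def load_api_key(env=os.environ):
    """Read the project key from the environment; fail closed if absent."""
    key = env.get(API_KEY_ENV, "").strip()
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set")
    return key


def build_request(path, payload=None, env=os.environ):
    """GET when payload is None, otherwise POST with a JSON body."""
    data = None if payload is None else json.dumps(payload).encode("utf-8")
    req = urllib.request.Request(BASE_URL + path, data=data,
                                 method="GET" if data is None else "POST")
    req.add_header("Authorization", f"Bearer {load_api_key(env)}")
    req.add_header("Content-Type", "application/json")
    return req


def redacted_headers(req):
    """Header view that is safe to log: the token itself never appears."""
    return {k: "Bearer ***" if k.lower() == "authorization" else v
            for k, v in req.header_items()}


def call(req, opener=urllib.request.urlopen):
    """Send req; map the documented 401 JSON body to UnauthorizedError."""
    try:
        with opener(req, timeout=10) as resp:
            return json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        if err.code != 401:
            raise
        body = json.loads(err.read() or b"{}")
        raise UnauthorizedError(body.get("message", "unauthorized")) from None
```

Catching `UnauthorizedError` in one place gives the service a single point at which to alert on a revoked or expired key and pick up a rotated one from the environment.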