Authentication
The Sequenzy API uses API keys for authentication. Every request must include your API key in the Authorization header.
Getting Your API Key
- Log in to your Sequenzy dashboard
- Navigate to Settings → API Keys
- Click Create API Key
- Give your key a descriptive name (e.g., “Production Backend”, “Development”)
- Copy and securely store your key—it won’t be shown again
Keep your API key secret. Never expose it in client-side code, public repositories, or logs. Treat it like a password.
Using Your API Key
Include your API key in the Authorization header with every request:
Authorization: Bearer YOUR_API_KEY
Example Request
curl "https://api.sequenzy.com/api/v1/subscribers" \
-H "Authorization: Bearer sk_live_abc123..."
Example in Code
const response = await fetch(
"https://api.sequenzy.com/api/v1/subscribers",
{
headers: {
Authorization: `Bearer ${process.env.SEQUENZY_API_KEY}`,
"Content-Type": "application/json",
},
}
);
API Key Best Practices
1. Use Environment Variables
Never hardcode API keys in your source code:
// Good
const apiKey = process.env.SEQUENZY_API_KEY;
// Bad
const apiKey = "sk_live_abc123..."; // Don't do this!
2. Create Separate Keys for Each Environment
- Production key: Used only on production servers
- Development key: Used for local development and testing
- CI/CD key: Used for automated testing (if needed)
This way, if a development key is compromised, your production data stays safe.
3. Rotate Keys Periodically
If you suspect a key has been compromised:
- Create a new API key
- Update your application to use the new key
- Delete the old key
4. Never Commit Keys to Git
Add your environment file to .gitignore:
# .gitignore
.env
.env.local
.env.production
5. Use Secrets Management in Production
For production deployments, use your platform’s secrets management:
- Vercel: Environment Variables in dashboard
- AWS: AWS Secrets Manager or Parameter Store
- Heroku: Config Vars
- Docker: Docker Secrets or environment variables
Authentication Errors
401 Unauthorized
{
"success": false,
"error": "Unauthorized"
}
- The API key is missing from the request
- The API key is invalid or has been deleted
- The API key format is incorrect
Solution: Check that you’re including the Authorization: Bearer YOUR_KEY header with a valid key.
Common Mistakes
| Mistake | Correct Format |
|---|
| Missing “Bearer” prefix | Authorization: Bearer sk_live_... |
Using X-API-Key header | Use Authorization header instead |
| Exposing key in URL | Pass key in header, not query params |
| Using test key in production | Use sk_live_ prefix for production |
Managing API Keys
View Active Keys
In Settings → API Keys, you can see:
- Key name
- Created date
- Last used timestamp
Delete a Key
To revoke access:
- Go to Settings → API Keys
- Find the key you want to delete
- Click Delete
- Confirm the deletion
Deleting a key immediately invalidates it. Any requests using that key will start failing.
Security Recommendations
Server-Side Only
Only use API keys in server-side code. Never expose them to browsers:
// Server-side (Node.js, Next.js API route) - Safe
export async function POST(request) {
const response = await fetch("https://api.sequenzy.com/api/v1/...", {
headers: { Authorization: `Bearer ${process.env.SEQUENZY_API_KEY}` },
});
}
// Client-side (React component) - NEVER do this
function Component() {
// This exposes your key to anyone viewing the page source!
fetch("https://api.sequenzy.com/api/v1/...", {
headers: { Authorization: "Bearer sk_live_..." }, // DANGEROUS!
});
}
Use HTTPS Only
Always use https:// when making API requests. The API does not accept unencrypted HTTP connections.
Monitor Usage
Regularly check the “Last used” timestamp for your API keys. If you see unexpected activity, rotate the key immediately.
Next Steps
