Authentication
All public API endpoints require a Bearer API key.
Authorization header
Authorization: Bearer clp_li...Scopes
The weekly promo endpoint requires the scope weekly_promo:generate. Keys are scoped at creation time.
Security rules
- Never expose raw API keys in frontend code or client-side apps
- Make API calls from your backend or server-side environment only
- Rotate keys periodically via the dashboard
- Revoke compromised keys immediately
⚠️ Only the key prefix is stored server-side. The raw key is shown once at creation.