logo
Schedulin Developers

Authentication

Schedulin authenticates API requests with an API key passed in the x-api-key header.

curl https://api.schedulin.app/v0/posts \
  -H "x-api-key: sk_live_..."

API keys

  • Create and revoke keys under Settings → Developer → API keys.
  • Keys are workspace-scoped — a key can only read and write the workspace it was created in.
  • The secret (sk_live_...) is shown once at creation. If you lose it, revoke the key and create a new one.
WARNING
Treat API keys like passwords. Never commit them to source control or ship them in client-side code. Load them from an environment variable or secret manager.

Unauthenticated requests

Requests with a missing, malformed, or revoked key return 401 Unauthorized:

{
  "code": "UNAUTHORIZED",
  "status": 401,
  "message": "Unauthorized",
  "data": { "message": "UNAUTHORIZED" }
}

See Error Handling for the full error model.