Skip to main content
TokenKit uses API keys to authenticate requests. All requests must include a valid Bearer token in the Authorization header.

Getting your API key

  1. Sign in to the Platform
  2. Navigate to API Keys
  3. Click Create API Key
  4. Copy the generated key (starts with sk_live_v1...)
Your API key carries all privileges for your account. Never share it publicly or commit it to version control. If a key is compromised, delete it immediately from the dashboard.

Making authenticated requests

Include your API key in the Authorization header with the Bearer scheme: 
curl https://api.tokenkit.co/v1/endpoint \
  -H "Authorization: Bearer sk_live_v1_your_key_here"

Authentication errors

Missing or invalid token

If your API key is missing or invalid, you’ll receive a 401 Unauthorized response: 
{
  "data": null,
  "errors": [
    {
      "code": "UNAUTHORIZED",
      "message": "Invalid or missing Bearer token"
    }
  ]
}
Common causes:
  • Forgot to include the Authorization header
  • Typo in the API key
  • Using a revoked or deleted key
  • Missing Bearer prefix

Managing API keys

All API key management happens through the platform. You can create and delete keys at any time. Go to the platform to:
  • Create new API keys - Generate additional keys for different projects or environments
  • View existing keys - See all your active API keys
  • Delete keys - Permanently revoke keys that are no longer needed

Customer Platform

Manage your API keys and monitor authentication activity