Authentication

The SuprSonic API uses API keys for authentication. Include your API key in the Authorization header:

Authorization: Bearer YOUR_API_KEY

Getting Your API Key

  1. Log into your SuprSonic dashboard
  2. Go to Settings → API Keys
  3. Click “Generate New Key”
  4. Copy and store the key securely

API Key Types

  • Admin Keys: For platform-level operations
  • Account Keys: For account-specific operations

Security

  • Never expose API keys in client-side code
  • Store keys as environment variables
  • Rotate keys regularly

API Key Management

  • Regeneration: You can regenerate keys at any time from the dashboard
  • Revocation: Revoked keys immediately stop working
  • Multiple Keys: Create multiple keys for different integrations
  • Key Names: Use descriptive names to track usage

Error Responses

Invalid API Key

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key"
  }
}

Rate Limit Exceeded

{
  "success": false,
  "error": {
    "code": "RATE_LIMIT_EXCEEDED", 
    "message": "Too many requests. Please try again later.",
    "details": {
      "retryAfter": 60
    }
  }
}

Testing Your Authentication

Use this simple test to verify your API key is working:

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://www.suprsonic.com/api/v1/articles

A successful response indicates your key is valid and properly configured.

Account Context from API Keys

The SuprSonic API uses a secure model where your account context is automatically derived from your API key:

  • Account API Keys: Automatically scope requests to your specific account
  • Admin API Keys: Provide system-wide access when using admin endpoints
  • No Account IDs in URLs: Account information is derived from authentication, not URL parameters

This approach eliminates the need to specify account IDs in API calls and ensures users can only access data they’re authorized to see.

Ready to start making API calls? Check out our Quickstart Guide for common usage examples.