API Authentication
Authenticate API requests with API keys
Overview
SnipeRoute uses API keys to authenticate all API requests. API keys are passed in the Authorization header as a Bearer token.
Never share your API keys or commit them to version control. Treat them like passwords.
Getting Your API Key
Log in to Dashboard
Go to app.sniperoute.io (opens in a new tab) and log in.
Navigate to API Keys
Click Settings → API Keys in the sidebar.
Generate Key
Click Generate API Key and give it a descriptive name.
Copy and Store
Copy the key immediately — you won't see it again!
API Key Format
sk_[env]_[random]- sk: SnipeRoute key
- env: Environment (
liveortest) - random: Random alphanumeric string
Examples:
sk_live_abc123def456...(Production)sk_test_xyz789uvw012...(Testing)
Using API Keys
Authorization Header
Authorization: Bearer sk_live_your_api_key_herecURL Example
curl https://api.sniperoute.io/api/v1/intents \
-H "Authorization: Bearer sk_live_abc123..." \
-H "Content-Type: application/json"Python Example
import httpx
headers = {
"Authorization": "Bearer sk_live_abc123...",
"Content-Type": "application/json"
}
response = httpx.get(
"https://api.sniperoute.io/api/v1/intents",
headers=headers
)Python SDK (Recommended)
from sniperoute import SnipeRouteClient
# Option 1: Direct configuration
client = SnipeRouteClient(
base_url="https://api.sniperoute.io",
api_key="sk_live_abc123..."
)
# Option 2: Environment variables (recommended)
# Set SNIPEROUTE_API_KEY and SNIPEROUTE_API_URL
client = SnipeRouteClient()Test vs Live Keys
Test keys (sk_test_...) are for development:
- Work with mock broker only
- No real broker connections
- No charges
- Safe to experiment
Security Best Practices
1. Use Environment Variables
# Don't hardcode keys
client = SnipeRouteClient(api_key="sk_live_abc123...")
# Use environment variables
import os
client = SnipeRouteClient(api_key=os.getenv("SNIPEROUTE_API_KEY"))2. Rotate Keys Regularly
Generate new API keys every 90 days:
Generate New Key
Create a replacement key in the dashboard
Update Applications
Deploy the new key to all services
Revoke Old Key
Delete the old key from the dashboard
3. Use Separate Keys Per Environment
# Development
SNIPEROUTE_API_KEY=sk_test_dev_...
# Staging
SNIPEROUTE_API_KEY=sk_test_staging_...
# Production
SNIPEROUTE_API_KEY=sk_live_prod_...4. Monitor Key Usage
Check the API Keys page in your dashboard to:
- See when each key was last used
- Monitor request patterns
- Detect unusual activity
Authentication Errors
401 Unauthorized
{
"detail": "Invalid API key"
}Causes:
- Missing
Authorizationheader - Invalid key format
- Revoked key
- Expired key
Solution: Check your API key and ensure it's valid.
403 Forbidden
{
"detail": "This API key does not have permission for this resource"
}Causes:
- Key doesn't have required permissions
- Test key used in production endpoint
- Key scope doesn't include this endpoint
Solution: Use the correct key type or request additional permissions.
Revoking API Keys
If a key is compromised:
Generate New Key
Create a replacement immediately
Update Applications
Deploy the new key to all services
Revoke Old Key
Delete the compromised key from the dashboard
Monitor
Watch for failed requests using the old key
Rate Limiting
API keys are subject to rate limits based on your subscription tier:
| Tier | Requests/Minute | Intents/Month |
|---|---|---|
| Free | 60 | 100 |
| Pro | 300 | 1,000 |
| Enterprise | Custom | Custom |
If you exceed the rate limit, you'll receive:
{
"detail": "Rate limit exceeded. Retry after 60 seconds.",
"retry_after": 60
}Rate Limit Headers
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1638316800