Authentication
Secure your API requests with API keys.
Overview
SnipeRoute uses API keys to authenticate requests. All API requests must include your API key in the Authorization header.
Never share your API keys or commit them to version control. Treat them like passwords.
Getting Your API Key
Log in to Dashboard
Go to app.sniperoute.io (opens in a new tab) and log in to your account.
Navigate to API Keys
Click Settings → API Keys in the sidebar.
Generate Key
Click Generate API Key and give it a descriptive name (e.g., "Production Server").
Copy and Store Securely
Copy the key immediately - you won't be able to see it again! Store it in a secure password manager or environment variable.
Using API Keys
With Python SDK
from sniperoute import SnipeRouteClient
client = SnipeRouteClient(
base_url="https://api.sniperoute.io",
api_key="sk_live_abc123..." # Your API key
)With cURL
curl https://api.sniperoute.io/api/v1/intents \
-H "Authorization: Bearer sk_live_abc123..."With Environment Variables
SNIPEROUTE_API_KEY=sk_live_abc123...
SNIPEROUTE_API_URL=https://api.sniperoute.ioAPI Key Format
API keys follow this format:
sk_[env]_[random]- sk: SnipeRoute key
- env: Environment (
livefor production,testfor testing) - random: Random alphanumeric string
Examples:
sk_live_abc123def456...(Production)sk_test_xyz789uvw012...(Testing)
Test vs Live Keys
Test keys (sk_test_...) are for development and testing:
- Work with mock broker only
- No real broker connections
- No charges
- Safe to experiment with
Security Best Practices
Use Environment Variables
Never hardcode API keys in your source code:
# DON'T DO THIS
client = SnipeRouteClient(api_key="sk_live_abc123...")
# DO THIS
client = SnipeRouteClient(api_key=os.getenv("SNIPEROUTE_API_KEY"))Rotate Keys Regularly
Generate new API keys every 90 days and revoke old ones:
- Generate new key
- Update your applications
- Revoke old key
Use Separate Keys Per Environment
- Development:
sk_test_dev_... - Staging:
sk_test_staging_... - Production:
sk_live_prod_...
This way, if one key is compromised, others remain secure.
Monitor Key Usage
Check the API Keys page in your dashboard to:
- See when each key was last used
- Monitor request patterns
- Detect unusual activity
Revoking API Keys
If a key is compromised:
Generate New Key
Create a replacement key immediately
Update Applications
Deploy the new key to all services
Revoke Old Key
Delete the compromised key from the dashboard
Monitor
Watch for failed requests using the old key
Error Responses
401 Unauthorized
{
"detail": "Invalid API key"
}Causes:
- Missing Authorization header
- Invalid key format
- Revoked key
- Expired key
Solution: Check your API key and ensure it's valid.
403 Forbidden
{
"detail": "This API key does not have permission for this resource"
}Causes:
- Key doesn't have required permissions
- Test key used in production
- Key scope doesn't include this endpoint
Solution: Use the correct key type or request additional permissions.
Rate Limiting
API keys are subject to rate limits based on your subscription tier:
| Tier | Requests/Minute | Intents/Month |
|---|---|---|
| Free | 60 | 100 |
| Pro | 300 | 1,000 |
| Enterprise | Custom | Custom |
Rate limits are per API key. If you hit the limit, you'll receive a 429 Too Many Requests response.