Authentication - Dafty Docs

All endpoints except GET /api/v1/openapi.json require an API key.

Getting a key

Create and manage keys from your dashboard at /api-keys. The plaintext value is shown once at creation - copy it then. You can name, deactivate, and revoke keys later; revocation takes effect immediately.

Sending the key

Use either header (pick one):

# Preferred
curl http://localhost:3001/api/v1/account -H "x-api-key: $DAFTY_API_KEY"

# Or a bearer token
curl http://localhost:3001/api/v1/account -H "Authorization: Bearer $DAFTY_API_KEY"

A missing, malformed, revoked, or expired key returns 401:

{ "error": { "code": "UNAUTHORIZED", "message": "Invalid API key" } }

Check what a key can see

GET /account - the account the key belongs to and its plan.

Keys are scoped to your account. Generation consumes credits the same way the in-app product does; keep keys secret and rotate them if leaked.

Quickstart Uploads

⌘I

​Getting a key

​Sending the key

​Check what a key can see

Getting a key

Sending the key

Check what a key can see