Skip to main content
All Spine API endpoints authenticate via the X-API-KEY header. 
X-API-KEY: sk_spine_...

Create an API key

  1. Go to API keys in the developer portal.
  2. Click Create Key and give it an optional name.
  3. Copy the key immediately — it is only shown once.
  4. Use the key in the X-API-KEY header for all Spine API requests.
Keys can be rotated or revoked from the same page.

Security best practices

  • Never expose API keys in client-side code or commit them to version control.
  • Store keys in environment variables or a secrets manager.
  • Rotate keys periodically and whenever a team member with access leaves.
  • Revoke keys immediately if a leak is suspected.
  • Use a separate key per application or service so you can rotate scope-by-scope.