Skip to main content
The Orbit AI API uses API keys to authenticate requests. You can manage your API keys from your dashboard.

API Keys

There are two types of API keys: sk_live_* — Live keys for production use. All requests affect real data. sk_test_* — Test keys for development. Isolated from production data.

Using API Keys

Include your API key using either the Authorization header as a Bearer token, or the X-API-Key header: 
Authorization: Bearer sk_live_your_api_key_here

# Or use the X-API-Key header:
X-API-Key: sk_live_your_api_key_here
Example request: 
curl -X GET "https://orbitforms.ai/api/v1/forms" \
  -H "Authorization: Bearer sk_live_your_api_key_here" \
  -H "Content-Type: application/json"

# Alternative with X-API-Key header:
curl -X GET "https://orbitforms.ai/api/v1/forms" \
  -H "X-API-Key: sk_live_your_api_key_here" \
  -H "Content-Type: application/json"

OAuth 2.0

For third-party applications that need to access user data, use OAuth 2.0 with PKCE. OAuth access tokens use the orb_at_* prefix.
To build an OAuth app, visit the Developer Portal to register your application and obtain client credentials.

Security Best Practices

Keep keys secret — Never expose API keys in client-side code, public repositories, or browser localStorage/sessionStorage.
Use environment variables — Store API keys in environment variables on your server. Never include them in frontend bundles.
Rotate compromised keys — If a key is exposed, revoke it immediately from your dashboard and generate a new one.

Authentication Errors

StatusMeaning
401Invalid or missing API key
403API key lacks required permissions
Next: Forms API