Authentication
SignalStack uses API key-based authentication. Each request must include a valid API key in the Authorization header as a Bearer token.
API keys
API keys are generated from the SignalStack dashboard. Keys are prefixed with ssk_ and have a live or test qualifier to distinguish production from development environments.
| Environment | Key Prefix | Rate Limits | Data |
|---|---|---|---|
| Production | ssk_live_ | Plan-dependent | Real |
| Test / Sandbox | ssk_test_ | 100/hr | Simulated |
Sending the header
Include the API key in every request:
```http
Authorization: Bearer ssk_live_abc123_def456
```
cURL
```bash
curl -X POST https://signal-stack-ten.vercel.app/v1/verify/claim \
  -H "Authorization: Bearer $SIGNALSTACK_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"claim": "test"}'
```
Python
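```python
import os

import signalstack

# Read the key from the environment rather than embedding it in source.
client = signalstack.SignalStack(
    api_key=os.environ["SIGNALSTACK_API_KEY"]
)
# All subsequent calls use this key automatically.
```
TypeScript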
```typescript
import { SignalStack } from "@signalstack/sdk"

const client = new SignalStack({
  apiKey: process.env.SIGNALSTACK_API_KEY!,
})
```
Managing keys
You can create, list, and revoke API keys from the dashboard:
- Create: Click "New Key", give it a name, choose environment (live/test), and copy it immediately — keys are shown only once.
- List: View all active keys with name, prefix, and last-used timestamp.
- Revoke: Delete a key immediately. Any service using that key will receive 401 Unauthorized.
Key rotation best practices
- Rotate regularly: Rotate production keys every 90 days.
- Use multiple keys: Maintain separate keys for development, staging, and production.
- Rolling rotation: Create a new key, deploy it to your services, then revoke the old key once all traffic has migrated.
- Never hardcode: Use environment variables or a secrets manager like AWS Secrets Manager, HashiCorp Vault, or Doppler.
- Monitor usage: Review the API key audit log for unusual activity.
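The "never hardcode" and separate-keys-per-environment practices can be enforced in code. The following is an added example, not part of the SignalStack SDK: it scans source text for key literals and rejects a live/test mismatch at startup. The function names, the character set assumed after the prefix, and the redaction format are assumptions; the sample source is constructed.

```python
import os
import re

# Assumption: after the ssk_live_/ssk_test_ prefix a key contains only letters,
# digits and underscores, as in the placeholder key used in this guide.
KEY_RE = re.compile(r"\bssk_(live|test)_[A-Za-z0-9_]{6,}")

# Constructed sample source file: one hardcoded key, one read from the environment.
SAMPLE_SOURCE = '''\
import os, signalstack
bad = signalstack.SignalStack(api_key="ssk_live_abc123_def456")
good = signalstack.SignalStack(api_key=os.environ["SIGNALSTACK_API_KEY"])
# ssk_test_ keys are limited to 100/hr
'''


def redact(key):
    """Keep the environment prefix and last four characters; safe for logs."""
    env = KEY_RE.fullmatch(key).group(1)
    return f"ssk_{env}_...{key[-4:]}"


def scan_for_keys(text):
    """Return (line_number, environment, redacted_key) for every key literal."""
    return [
        (lineno, m.group(1), redact(m.group(0)))
        for lineno, line in enumerate(text.splitlines(), start=1)
        for m in KEY_RE.finditer(line)
    ]


def load_api_key(expected_env, environ=os.environ):
    """Read the key from the environment; reject a live/test mismatch at startup."""
    key = environ.get("SIGNALSTACK_API_KEY", "")
    m = KEY_RE.fullmatch(key)
    if m is None:
        raise RuntimeError("SIGNALSTACK_API_KEY is unset or not an ssk_ key")
    if m.group(1) != expected_env:
        raise RuntimeError(
            f"{m.group(1)} key {redact(key)} given to a {expected_env} deployment")
    return key


if __name__ == "__main__":
    for finding in scan_for_keys(SAMPLE_SOURCE):
        print("hardcoded key at line %d (%s): %s" % finding)
```

Run `scan_for_keys` over staged files in a pre-commit hook or CI job, and call `load_api_key` once at service startup with the environment the deployment expects.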
Environment variable setup
```bash
# .env
SIGNALSTACK_API_KEY=ssk_live_abc123_def456
SIGNALSTACK_TIMEOUT=30
SIGNALSTACK_BASE_URL=https://signal-stack-ten.vercel.app/v1
```
Error responses
```json
// 401 — Missing or invalid API key
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key. Provide a valid key via the Authorization header.",
    "docs": "https://signal-stack-ten.vercel.app/docs/guides/authentication"
  }
}
// 403 — Key lacks permissions for this endpoint
{
  "error": {
    "code": "FORBIDDEN",
    "message": "This API key does not have access to the media verification endpoint.",
    "required_plan": "business"
  }
}
```
Next steps
- Learn about Rate Limits
- Explore the API Reference
- Set up Webhooks