Authentication
Every request must carry an API key in the X-API-Key header.
curl https://<your-tenant>.datamingle.ai/api/integrations/v1/orders/ \
-H "X-API-Key: sk_live_..."
Getting a key
Dashboard → Settings → API Keys → Create key.
- Keys are shown once at creation. Copy and store in a secret manager.
- Default scopes give full access across integration endpoints. Narrow them if you don't need all resources — see Scopes.
- You can issue as many keys as you want. Use separate keys per environment (staging / production) and per service.
For rotation, revocation, and expiration, see Managing API keys.
When auth fails
| Condition | Status | Notes |
|---|---|---|
No X-API-Key header | 403 | Anonymous requests are forbidden. |
| Invalid key | 401 | Body: {"detail":"Invalid API key"} |
| Expired key | 401 | Body: {"detail":"API key has expired"} |
| Missing scope for the requested action | 403 | See Scopes. |
| Workspace integration disabled | 403 | Re-enable it from the dashboard or issue a new key. |
:::warning Keep keys secret Keys are bearer credentials. Never embed in client-side code or commit to version control. Always call over HTTPS. Rotate immediately if exposed. :::