Bespoke uses API keys to allow access to Bespoke's REST API's.
All /api endpoints use API private keys to authenticate requests. If you do not use an API key for your requests, or if you use a key from the wrong account, your call will return an error. A 400 error indicates an invalid or missing API key.
Getting your API Key
You can find your API keys on your settings page, which you can access by logging in or signing up.
Private key authentication
Private key authentication for /api endpoints is performed by setting the following request header:
Authorization: Bespoke-API-Key {your-private-api-key}
curl --request GET \
--url https://api.bespoke.surf/api/{endpoint}/ \
--header 'Authorization: Bespoke-API-Key {your-private-api-key}' \
--header 'accept: application/json' \
--header 'revision: {revision-header}'
For your account's security, we strongly recommend never using a private API key with the Client endpoints.