Skip to main content
API keys are long-lived bearer tokens scoped to a single Spirii account.

Sending an API key

Pass the key in the Authorization header as a bearer token: 
curl https://api.spirii.com/v1/locations \
  -H "Authorization: Bearer YOUR_API_KEY"

Rotating keys

Rotate keys regularly. To rotate:
1

Generate a new key

Create a new key in the Spirii Hub or via support.
2

Update your application

Roll the new key into your secret store before invalidating the old one.
3

Revoke the old key

Once traffic has fully cut over, revoke the previous key.
Use separate API keys per environment (sandbox vs. production) and per service. Don’t share keys across applications.