Skip to main content
All Spirii Public API requests must be authenticated. Two methods are supported:

API keys

Long-lived bearer tokens. Best for server-to-server integrations you control end-to-end.

OAuth 2.0

Authorization-code and client-credentials flows. Best for apps acting on behalf of multiple Spirii accounts.
Never embed API keys or client secrets in a mobile app or front-end bundle. Treat them like passwords.