API keys are generated and managed inside the Endors dashboard. They are not created or revoked via the REST API itself — that is done through your browser session in Settings.

Generating a key

Go to Settings > API & Webhooks. Click Generate API key. The full key is shown once immediately after creation. Copy it now — it will not be shown again.

Keys have the format:

You can have a maximum of 3 API keys per Space. To create a new one when at the limit, revoke an existing key first.

Using a key

Pass the key in the Authorization header of every request:

curl https://app.endors.io/api/spaces/YOUR_SPACE_ID/testimonials \
  -H "Authorization: Bearer sk_live_your_api_key_here"

curl https://app.endors.io/api/spaces/YOUR_SPACE_ID/testimonials \
  -H "Authorization: Bearer sk_live_your_api_key_here"

curl https://app.endors.io/api/spaces/YOUR_SPACE_ID/testimonials \
  -H "Authorization: Bearer sk_live_your_api_key_here"

Viewing existing keys

The Settings panel lists all active keys with their name, key prefix (first 16 characters), and last used date. The full key is never shown again after creation.

Revoking a key

Click Revoke next to any key in Settings. The key stops working immediately. Any application using that key will receive 401 Unauthorized on its next request.

Security

• Store API keys in environment variables, not in source code.

• Never expose them in client-side JavaScript.

• Revoke keys you no longer use.

• Each key is bound to one Space. It cannot access data from other Spaces.