Authentication
How to authenticate API requests using API keys and session tokens.
Overview
All API requests must be authenticated. Amarsia supports two authentication methods:
- API keys — long-lived credentials for server-to-server use
- Session tokens — short-lived tokens for user-facing applications
API keys
API keys are the recommended method for server-side integrations. They are scoped to a workspace and carry a specific permission set.
Creating an API key
- Open your workspace Settings.
- Navigate to API Keys.
- Click Create key, give it a name, and select the required scopes.
- Copy the key immediately — it is shown only once.
Using an API key
Pass the key in the Authorization header as a Bearer token:
curl https://api.amarsia.com/v1/resources \
  -H "Authorization: Bearer sk_live_..."
Never expose API keys in client-side code or public repositories. Use environment variables.
Key prefixes
| Prefix | Environment |
|---|---|
| sk_live_ | Live |
| sk_test_ | Test |
Session tokens
Session tokens are issued after a successful user login and expire after 24 hours. Use them for authenticating requests made on behalf of a user.
curl https://api.amarsia.com/v1/me \
  -H "Authorization: Bearer sess_..."
Rotating keys
Rotate an API key immediately from Settings → API Keys → Rotate. The old key is invalidated and a new one is issued. Requests using the old key will receive 401 Unauthorized.
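The advice above (keep keys in environment variables, match the key prefix to the environment, expect 401 after a rotation) combined into one shell helper. This is an added example, not Amarsia's own code; the variable name AMARSIA_API_KEY and the function names are assumptions.

```shell
#!/bin/sh
# Added example. AMARSIA_API_KEY is an assumed variable name, not one the API documents.

# Classify a credential by the prefixes shown on this page.
credential_kind() {
  case "$1" in
    sk_live_?*) echo live ;;
    sk_test_?*) echo test ;;
    sess_?*)    echo session ;;
    *)          echo unknown ;;
  esac
}

# Build the Authorization header from the environment, refusing a key whose
# prefix does not match the environment the caller expects (live or test).
# The key itself is never written to stderr.
auth_header() (
  expected="$1"
  key="${AMARSIA_API_KEY:-}"
  [ -n "$key" ] || { echo "AMARSIA_API_KEY is not set" >&2; exit 2; }
  kind="$(credential_kind "$key")"
  [ "$kind" = "$expected" ] || {
    echo "refusing to send: expected a $expected key, found a $kind credential" >&2
    exit 3
  }
  printf 'Authorization: Bearer %s\n' "$key"
)

# Check that the key is accepted at a URL. The header reaches curl on stdin
# (-H @-, curl 7.55.0 or later), so the key does not appear in the process list.
# Returns 0 on 2xx, 4 on 401 (for example after the key was rotated), 1 otherwise.
api_check() (
  expected="$1"; url="$2"
  header="$(auth_header "$expected")" || exit $?
  status="$(printf '%s\n' "$header" |
    curl -sS -o /dev/null -w '%{http_code}' -H @- "$url")" || exit 1
  case "$status" in
    2??) exit 0 ;;
    401) echo "401 Unauthorized: key rejected, check whether it was rotated" >&2; exit 4 ;;
    *)   echo "unexpected status $status" >&2; exit 1 ;;
  esac
)
```

A deployment script can call `api_check live https://api.amarsia.com/v1/resources` before doing any work, so a test key in production or a rotated key fails fast with a distinct exit code.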