Documentation

Authentication

How to authenticate with the OrbitKit API using API keys.

All OrbitKit API requests require an API key in the Authorization header:

Authorization: Bearer <api-key>

API Keys

API keys are long-lived credentials ideal for server-to-server integrations, CI/CD pipelines, and scripts. They never expire — they remain valid until you revoke them.

curl -H "Authorization: Bearer ok_BRTRKFsL_51FwqftsmMDHHbJAMEXXHCgG" \
     https://api.orbitkit.io/api/status

let url = URL(string: "https://api.orbitkit.io/api/status")!
var request = URLRequest(url: url)
request.setValue("Bearer ok_BRTRKFsL_51FwqftsmMDHHbJAMEXXHCgG",
                 forHTTPHeaderField: "Authorization")

let (data, _) = try await URLSession.shared.data(for: request)

const res = await fetch("https://api.orbitkit.io/api/status", {
  headers: {
    Authorization: "Bearer ok_BRTRKFsL_51FwqftsmMDHHbJAMEXXHCgG",
  },
});
const data = await res.json();

Create and manage keys from the Account page or via the API Keys endpoints.

When to use API keys

  • CI/CD pipelines and automated deployments
  • Server-to-server integrations
  • Scripts and CLI tools
  • Any programmatic access to the API

401 errors

If your key is missing, invalid, or revoked, the API returns:

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or expired token"
  }
}

Check that you’re passing a valid, non-revoked API key in the Authorization header.