Authentication
SOSfinder authenticates requests with a secret API key. Find yours in the dashboard under Settings → API keys.
Using your key
Pass your key as a bearer token in the Authorization header on every request.
Authorization: Bearer sos_live_8f3a2b9c4d1e6f7aKeep your key server-side. Never ship it to the browser or commit it to source control. Proxy every request through your backend — SOSfinder’s own client uses a server function so the key never reaches the client bundle.
Best practices
- Store keys in environment variables, not in code.
- Use separate keys for development and production.
- Rotate a key immediately if it may have leaked — revoke and create a new one in the dashboard.
- Scope keys per workspace so usage and billing stay clean.