Authentication

SOSfinder authenticates requests with a secret API key. Find yours in the dashboard under Settings → API keys.

Using your key

Pass your key as a bearer token in the Authorization header on every request.

Authorization: Bearer sos_live_8f3a2b9c4d1e6f7a
Keep your key server-side. Never ship it to the browser or commit it to source control. Proxy every request through your backend — SOSfinder’s own client uses a server function so the key never reaches the client bundle.

Best practices

  • Store keys in environment variables, not in code.
  • Use separate keys for development and production.
  • Rotate a key immediately if it may have leaked — revoke and create a new one in the dashboard.
  • Scope keys per workspace so usage and billing stay clean.