Every Socifyr API call is authenticated with an API key. Keys are scoped to a workspace and inherit the role of whoever created them.
Creating a key
- Open the dashboard → Settings → API Keys
- Click Create key, give it a label (e.g. "Production backend")
- Copy the key starting with sk_ (shown only once)
Keys are stored hashed; if you lose one, create a new one and delete the old.
Using a key
Send it in the Authorization header as a Bearer token:
http
Authorization: Bearer sk_4b737840408f5d3edc79c76268afe9e1...

typescript
const socifyr = new Socifyr({
  apiKey: process.env.SOCIFYR_API_KEY!,
  workspaceId: process.env.SOCIFYR_WORKSPACE_ID!,
})

bash
# Persistent
socifyr configure --key sk_... --workspace <workspaceId>
# Or per-command via env vars
SOCIFYR_API_KEY=sk_... SOCIFYR_WORKSPACE_ID=... socifyr connections

bash
curl -H "Authorization: Bearer sk_..." \
  -H "X-Workspace-Id: <workspaceId>" \
  https://api.socifyr.com/api/content

Rotation
To rotate a key:
- Create a new key
- Deploy with the new key
- Delete the old key from the dashboard
There's no downtime — both keys are valid in parallel until you delete the old one.
Managing keys via the API
typescript
// List
const keys = await socifyr.workspaces.listApiKeys(workspaceId)
// Create
const { plaintext } = await socifyr.workspaces.createApiKey(workspaceId, {
  label: 'CI bot',
})
console.log(plaintext) // only returned once
// Delete
await socifyr.workspaces.deleteApiKey(workspaceId, keyId)

Security tips
- Never commit a key to source control. Use environment variables or a secrets manager
- Don't ship API keys in client-side code (mobile apps, browser bundles)
- Do create separate keys per service (frontend, CI, scripts) so you can rotate one without disturbing the rest
- Do delete keys for departed teammates immediately
Last-used tracking
Every authenticated request updates the key's lastUsedAt timestamp. You can audit unused keys via workspaces.listApiKeys().
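One way to run that audit over the list returned by workspaces.listApiKeys(), as an added example that is not part of the Socifyr SDK or its documentation. Only lastUsedAt appears on this page; the id, label and createdAt field names, the null value for a never-used key, and the 90-day and 7-day thresholds are assumptions.

```typescript
// Added example. Only lastUsedAt is documented on the page; id, label and
// createdAt are assumed field names for the objects listApiKeys() returns.
interface ApiKeyInfo {
  id: string
  label: string
  createdAt: string          // ISO 8601 (assumed)
  lastUsedAt: string | null  // null = never used (assumed representation)
}

type Reason = 'idle' | 'never-used' | 'bad-timestamp'
type Finding = { id: string; label: string; reason: Reason; idleDays: number | null }

const DAY_MS = 24 * 60 * 60 * 1000

// Flag keys idle for more than maxIdleDays, and never-used keys once they are
// older than graceDays (so a key created today is not reported).
function findStaleKeys(keys: ApiKeyInfo[], now: Date, maxIdleDays = 90, graceDays = 7): Finding[] {
  const findings: Finding[] = []
  for (const k of keys) {
    const ref = Date.parse(k.lastUsedAt ?? k.createdAt)
    if (Number.isNaN(ref)) {
      // Unparseable timestamp: report it rather than treating the key as fresh.
      findings.push({ id: k.id, label: k.label, reason: 'bad-timestamp', idleDays: null })
      continue
    }
    const days = Math.floor((now.getTime() - ref) / DAY_MS)
    if (k.lastUsedAt === null) {
      if (days > graceDays) findings.push({ id: k.id, label: k.label, reason: 'never-used', idleDays: days })
    } else if (days > maxIdleDays) {
      findings.push({ id: k.id, label: k.label, reason: 'idle', idleDays: days })
    }
  }
  // Longest idle first; bad timestamps sort to the top for manual review.
  return findings.sort((a, b) => (b.idleDays ?? Infinity) - (a.idleDays ?? Infinity))
}

// Constructed sample data, not real keys or real API output.
const SAMPLE_KEYS: ApiKeyInfo[] = [
  { id: 'key_1', label: 'Production backend', createdAt: '2024-01-10T00:00:00Z', lastUsedAt: '2025-05-30T12:00:00Z' },
  { id: 'key_2', label: 'CI bot', createdAt: '2024-03-01T00:00:00Z', lastUsedAt: '2024-11-01T00:00:00Z' },
  { id: 'key_3', label: 'Old script', createdAt: '2025-01-15T00:00:00Z', lastUsedAt: null },
  { id: 'key_4', label: 'New service', createdAt: '2025-05-29T00:00:00Z', lastUsedAt: null },
  { id: 'key_5', label: 'Imported', createdAt: '2024-06-01T00:00:00Z', lastUsedAt: 'not-a-date' },
]

const SAMPLE_FINDINGS = findStaleKeys(SAMPLE_KEYS, new Date('2025-06-01T00:00:00Z'))
```

Keys it reports are candidates for the delete step described under rotation; confirm with the owning service before removing one.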