Overview
All API requests must be authenticated using a Bearer token in the Authorization header.
Include your API key in the Authorization header of every request:
Authorization: Bearer pk_live_YOUR_API_KEY
Example
Here’s an example of an authenticated request:
curl https://www.referralloop.dev/api/v1/waitlists \
-H "Authorization: Bearer pk_live_YOUR_API_KEY"
- Live keys:
pk_live_...
- Test keys:
pk_test_... (if available)
Security Best Practices
Never expose your API keys: - Don’t commit them to version control - Don’t
include them in client-side code - Don’t share them publicly - Rotate them if
compromised
Invalid API Key
If you use an invalid API key, you’ll receive a 401 Unauthorized response:
{
"error": "Invalid API key"
}
{
"error": "Missing or invalid authorization header"
}
