Authentication
How to authenticate with the Plushcap API using API keys.
All API endpoints require authentication via an API key.
Sending Your API Key
Preferred: Send the key in the X-API-Key HTTP header:
X-API-Key: your-api-key-here
Legacy: Include api_key in the JSON request body (supported but not
recommended for new integrations).
Permission Levels
Each API key has one of two permission levels:
| Level | Allowed Methods | Use Case |
|---|---|---|
| read_only | GET, HEAD, OPTIONS | Querying data |
| full_access | All methods | Creating and updating data |
Key Expiration
API keys may have an optional expiration date. Expired keys are rejected
with a 403 Forbidden response.
Error Responses
Missing or invalid key:
{"error": "Invalid API key"}
Status: 403 Forbidden
Insufficient permissions (e.g., POST with a read-only key):
{"detail": "You do not have permission to perform this action."}
Status: 403 Forbidden
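Client-side handling of the rules above, as an added example that is not part of the Plushcap documentation: it keeps the key in the X-API-Key header only, refuses write methods for a read_only key before anything is sent, and tells the two documented 403 bodies apart. The host api.example.invalid, the function names and the sample key are assumptions.

```python
import json
import urllib.request

# Methods the permission table allows for a read_only key.
READ_ONLY_METHODS = {"GET", "HEAD", "OPTIONS"}


def build_request(url, method, api_key, level, payload=None):
    """Build a request that carries the key only in the X-API-Key header."""
    method = method.upper()
    if level == "read_only" and method not in READ_ONLY_METHODS:
        # Fail locally instead of sending a request that will return 403.
        raise PermissionError(f"{method} needs a full_access key")
    if payload is not None and "api_key" in payload:
        # Legacy body placement puts the secret wherever request bodies are logged.
        raise ValueError("send the key in X-API-Key, not in the JSON body")
    data = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("X-API-Key", api_key)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


def classify_403(body):
    """Map a 403 response body to the cause documented on this page."""
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return "unknown"
    if not isinstance(doc, dict):
        return "unknown"
    if doc.get("error") == "Invalid API key":
        return "invalid_key"              # missing or invalid key
    if "detail" in doc:
        return "insufficient_permission"  # e.g. POST with a read_only key
    # The page does not show the body returned for an expired key,
    # so anything else is reported as unknown rather than guessed.
    return "unknown"


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_request("https://api.example.invalid/items", "POST",
                        "constructed-key", "full_access", {"name": "demo"})
    print(req.get_method(), req.header_items())
    print(classify_403('{"error": "Invalid API key"}'))
```

Because both failures share the 403 status, alerting on the body key ("error" versus "detail") separates a key that needs replacing from a caller using the wrong permission level.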