Authentication
Phase 2
This documentation is a preview. The API is currently in development.
API keys
All API requests require authentication via an API key passed in the request header.
Generating an API key
- Go to Settings > API in the Scrollengine dashboard
- Click Generate API Key
- Name the key (e.g., "Production", "Staging")
- Copy the key — it won't be shown again
Using the key
Include the API key in the Authorization header:
curl -X GET https://api.scrollengine.com/v1/orders \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"
Key management
- Rotate keys — Generate a new key and deprecate the old one periodically
- Separate keys — Use different keys for production and development
- Revoke keys — Immediately disable a key if it's compromised
Security
- All API requests must use HTTPS
- API keys should be stored securely (environment variables, secrets manager) — never in client-side code
- Each key is scoped to a single Scrollengine account