Authentication

Phase 2

This documentation is a preview. The API is currently in development.

API Keys

All API requests require authentication via an API key passed in the request header.

Generating an API Key

1. Go to Settings > API in the Scrollengine dashboard.
2. Click Generate API Key.
3. Name the key (e.g., "Production", "Staging").
4. Copy the key -- it will not be shown again.

Using the Key

Include the API key in the Authorization header:

curl -X GET https://api.scrollengine.com/v1/locations \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Key Management

• Rotate keys -- Generate a new key and deprecate the old one periodically.
• Separate keys -- Use different keys for production and development environments.
• Revoke keys -- Immediately disable a key if it is compromised.

Keys can be managed from Settings > API in the Scrollengine dashboard. Each key displays its name, creation date, and last-used timestamp.

Security

• All API requests must use HTTPS. Requests over plain HTTP will be rejected.
• API keys should be stored securely (environment variables, secrets manager) -- never in client-side code or version control.
• Each key is scoped to a single Scrollengine account and has access to all locations within that account.

Next Steps

• API Overview -- Understand the planned API endpoints.
• Locations API -- Preview CRUD operations for locations.