Docs/Getting started/Authentication

Authentication

Every API request is authenticated with a workspace-scoped API key, passed as a Bearer token.

v1 · beta

Create an API key

In the dashboard, go to Settings → API Keys and create a key. The secret is shown once at creation time — Ewyn stores only a hash of it, so copy it straight into your secret manager.

bash
export EWYN_API_KEY="your-api-key-secret"

Authenticate requests

Pass the key in the Authorization header on every request:

bash
curl https://www.ewyn.ai/api/v1/templates/config \
  -H "Authorization: Bearer $EWYN_API_KEY"

The SDK handles the header for you:

typescript
import { Ewyn } from '@ewyn/client';

const client = new Ewyn({ apiKey: process.env.EWYN_API_KEY! });

Scoping

Keys are scoped to a single workspace. Everything a key touches — templates, contacts, messages — belongs to that workspace; there is no cross-workspace access. Each request also updates the key's lastUsedAt, so you can audit stale keys from the dashboard.

Keep keys server-side.

API keys can send email and manage contacts, so treat them like passwords: environment variables or a secret manager, never a browser bundle or a public repo. If a key leaks, revoke it in the dashboard and create a new one.

Failed authentication

Requests with a missing, malformed, or revoked key return 401 Unauthorized. Rate limits apply per key after authentication — see Errors & rate limits.

Was this page helpful?