Authentication

All API requests require a valid API key passed as a Bearer token in the Authorization header.

Generating API Keys

Sign in to Tuberalytics
Go to API Keys
Click Create API Key
Copy the key immediately — it is only shown once

Token Format

API keys use the prefix sk_live_ followed by a random token:

sk_live_abc123def456ghi789

Important: Store your API key securely. Do not commit it to version control or expose it in client-side code.

Making Authenticated Requests

Include the API key in the Authorization header:

curl -X GET "https://tuberalytics.com/api/v1/me" \
  -H "Authorization: Bearer sk_live_your_api_key"

require "net/http"
require "json"

uri = URI("https://tuberalytics.com/api/v1/me")
req = Net::HTTP::Get.new(uri)
req["Authorization"] = "Bearer sk_live_your_api_key"
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http| http.request(req) }
data = JSON.parse(res.body)

$ch = curl_init("https://tuberalytics.com/api/v1/me");
curl_setopt($ch, CURLOPT_HTTPHEADER, ["Authorization: Bearer sk_live_your_api_key"]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
$data = json_decode($response, true);

Authentication Errors

Status	Error	Description
401	`Missing API key. Include 'Authorization: Bearer sk_live_...' header.`	No `Authorization` header provided
401	`Invalid or revoked API key.`	Key does not exist or has been revoked

Example error response:

{
  "error": "Missing API key. Include 'Authorization: Bearer sk_live_...' header."
}

Revoking Keys

You can revoke an API key at any time from the API Keys page. Revoked keys immediately return 401 errors.

Security Best Practices

Never expose API keys in client-side code — use a backend proxy
Rotate keys periodically — create a new key, update your integration, then revoke the old one
Use environment variables to store keys in your application