ErynoaGroup uses API key authentication for all API requests. Every call must include your API key in the Authorization header. This page is your API-level reference for authentication — for step-by-step key management instructions, see the Authentication guide.
Passing your API key
Include your API key as a Bearer token in the Authorization header:
curl -X GET https://api.erynoa.group/v1/resources \
-H "Authorization: Bearer sk_live_YOUR_API_KEY"
Never pass API keys as query parameters. Always use the Authorization header to prevent keys from appearing in server access logs.
Key prefixes
ErynoaGroup API keys use prefixes to indicate environment:
| Prefix | Environment |
|---|
sk_live_ | Production |
sk_test_ | Sandbox |
401 Unauthorized error.
Key scopes
Each API key has a scope that limits what operations it can perform:
| Scope | Allowed operations |
|---|
read | GET requests only — list and retrieve resources |
write | GET, POST, PUT, PATCH, DELETE on resources |
admin | All operations, including managing API keys and webhooks |
403 Forbidden with error code insufficient_scope.
Authentication error reference
401 Unauthorized
{
"error": {
"code": "invalid_api_key",
"message": "The API key provided is invalid or has been revoked.",
"status": 401
}
}
- Key is missing from the request
- Key contains a typo or extra whitespace
- Key has been revoked from the dashboard
401 — Key expired
{
"error": {
"code": "api_key_expired",
"message": "This API key has expired. Generate a new key from your dashboard.",
"status": 401
}
}
403 Forbidden
{
"error": {
"code": "insufficient_scope",
"message": "This operation requires 'write' scope. Your key has 'read' scope.",
"status": 403
}
}