Skip to main content
ErynoaGroup authenticates API requests using API keys passed as Bearer tokens in the Authorization header. This guide explains how to create keys, use them in requests, manage scopes, and handle authentication errors.

Generate an API key

1

Open your dashboard

Log into your ErynoaGroup dashboard at erynoa.group.
2

Navigate to API Keys

Go to Settings → API Keys and click Create API Key.
3

Configure the key

Give your key a descriptive name (e.g., production-backend, ci-pipeline). Select the appropriate scope:
ScopePermissions
readList and retrieve resources only
writeCreate, update, and delete resources
adminFull access including managing API keys and webhooks
4

Copy and store your key

Your key is shown only once. Copy it immediately and store it securely — in an environment variable, a secrets manager, or a vault.
Never commit API keys to version control or expose them in client-side code.

Use your API key

Include your API key in the Authorization header as a Bearer token on every request: 
curl -X GET https://api.erynoa.group/v1/resources \
  -H "Authorization: Bearer sk_live_YOUR_API_KEY"
Store your API key as an environment variable and reference it in your code:
export ERYNOA_API_KEY="sk_live_YOUR_API_KEY"

curl -X GET https://api.erynoa.group/v1/resources \
  -H "Authorization: Bearer $ERYNOA_API_KEY"

Authentication errors

HTTP StatusError CodeMeaning
401 Unauthorizedinvalid_api_keyKey is missing, malformed, or does not exist
401 Unauthorizedapi_key_expiredKey has been rotated and is no longer valid
403 Forbiddeninsufficient_scopeKey lacks the permission required for this operation
An authentication error response looks like: 
{
  "error": {
    "code": "invalid_api_key",
    "message": "The API key provided is invalid or has been revoked.",
    "status": 401
  }
}

Rotate or revoke a key

To rotate a key:
  1. Create a new key in Settings → API Keys
  2. Update your application to use the new key
  3. Revoke the old key by clicking Revoke next to it in the dashboard
Revoking a key immediately invalidates it — any requests using the old key will receive a 401 response.

Multiple keys

You can create multiple API keys for different applications, environments, or team members. This lets you:
  • Audit which application made which request
  • Revoke access for a specific service without affecting others
  • Use read-only keys for services that only need to query data