Skip to main content
The Superlines REST API uses Bearer token authentication. Include your token in the Authorization header of every request.

Supported token types

Token typeFormatUse case
API Keysl_live_...Server-side integrations, scripts, CI/CD
OAuth Access TokenJWTMCP clients using OAuth flow
Firebase ID TokenJWTInternal/browser-based access

Getting your API key

1

Go to Organization Settings → API Keys

2

Click Generate API Key

A key is created with the format sl_live_...
3

Copy and store it securely

Keys are shown only once at creation.

Using your API key

Include it in the Authorization header: 
curl -H "Authorization: Bearer sl_live_YOUR_API_KEY" \
  https://analytics.superlines.io/api/analytics/metrics
Or in code: 
const response = await fetch('https://analytics.superlines.io/api/analytics/metrics', {
  headers: {
    'Authorization': 'Bearer sl_live_YOUR_API_KEY',
    'Content-Type': 'application/json'
  }
});
const data = await response.json();

Error responses

StatusMeaning
401 UnauthorizedMissing or invalid token
403 ForbiddenToken doesn’t have permission for this resource
429 Too Many RequestsRate limit exceeded — slow down

Security best practices

  • Never expose API keys in client-side code — they belong on your server
  • Use environment variables to store keys
  • Rotate keys regularly and revoke compromised ones immediately
  • One key per integration — makes it easy to revoke individually