Skip to main content
The Superlines REST API uses Bearer token authentication. Include your token in the Authorization header of every request.

Supported token types

Token typeFormatUse case
API Keysl_live_...Server-side integrations, scripts, CI/CD
OAuth Access TokenJWTMCP clients using OAuth flow
Firebase ID TokenJWTInternal/browser-based access

Getting your API key

1

Go to Organization Settings → API Keys

2

Click Generate API Key

A key is created with the format sl_live_...
3

Copy and store it securely

Keys are shown only once at creation.

Using your API key

Include it in the Authorization header. The API supports both GET and POST requests. 
curl -X POST https://api.superlines.io \
  -H "Authorization: Bearer sl_live_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"endpoint": "metrics", "metrics": ["brand_visibility"]}'
Or in code: 
const response = await fetch('https://api.superlines.io', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sl_live_YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    endpoint: 'metrics',
    metrics: ['brand_visibility', 'citation_rate'],
    brands: ['My Brand'],
    startDate: '2025-01-01',
    endDate: '2025-01-31'
  })
});
const data = await response.json();

Error responses

StatusMeaning
401 UnauthorizedMissing or invalid token
403 ForbiddenToken doesn’t have permission for this resource
429 Too Many RequestsRate limit exceeded — slow down

Security best practices

  • Never expose API keys in client-side code — they belong on your server
  • Use environment variables to store keys
  • Rotate keys regularly and revoke compromised ones immediately
  • One key per integration — makes it easy to revoke individually