DocumentationAPI ReferenceIntegrations

Authentication

How API keys work and how to send them with every request.

Every Wire request is authenticated with an API key. Create and manage keys in the console under API keys.

Sending the key

Pass your key in the X-API-Key header:

curl https://api.openwire.sh/v1/wire/catalog \
  -H "X-API-Key: $ANAKIN_API_KEY"

For convenience, the API also accepts the key via Authorization: Bearer <key>.

Key handling

  • Keys are shown once at creation; store them in a secret manager, not in source control.
  • Keys are stored as hashes on our side; we can't recover a lost key, only revoke and reissue.
  • Rotate a key immediately if you suspect it was exposed. Revoked keys stop working on the next request.

Per-site accounts

Some actions act on a real account you control (your Amazon, your GitHub). The API key authenticates you to Wire; a separate identity authorizes the action against the upstream site. See Identities.