Authentication
Create an API key and authenticate every request with a bearer token.
The Read API authenticates with a bearer token. Create one API key per integration and send it on every request.
Requires a Business plan
Creating and using API keys is a Business feature and requires a Business plan. See Plans & billing.
Create and use a key
Create a key
Go to Settings → API keys and create a key. SchemaForce generates a key that looks like sk_live_….
Copy it now
The key is shown only once, at the moment you create it. Copy it then and store it somewhere safe.
Send it on every request
Send the key as a bearer token in the Authorization header:
Authorization: Bearer sk_live_…
The key is shown once
SchemaForce keeps only a hash of the key and cannot show it to you again. If you lose it, create a new one.
Authenticate requests
curl https://api.schemaforce.com/v1/objects \
-H "Authorization: Bearer sk_live_…"
Managing keys
Manage every key for your workspace from Settings → API keys.
- Named — give each key a name when you create it, so you can tell one integration's key from another's.
- Shown once — the raw key (
sk_live_…) is shown a single time at creation. After that, SchemaForce stores only a hash and can't show it again. - Auditable — the list shows each key's prefix and when it was last used, so you can spot a key that's gone quiet or one you no longer recognize.
- Revocable — revoke any key from the same place; revoked keys stop working immediately (see below).
Rate limited per key
Requests are rate-limited per key. If a key exceeds its limit, requests return 429 Too Many Requests with a Retry-After header telling you how long to wait before trying again.
Scope and revocation
Keys are scoped to your workspace. You can revoke a key at any time from Settings → API keys. Once revoked, the key stops working immediately and any request using it returns 401.
Next, see the Endpoints you can call and the Change feed for schema history.