Skip to main content

Authentication

The Data API authenticates server-to-server requests with API keys. Every request to a /v1 endpoint must include a bearer token:

Authorization: Bearer <your-api-key>

Each API key authenticates a single trusted server-side caller. You may be issued more than one key (for example one per environment or workload); treat every key as a secret.

Example

curl https://api.data.snow.day/v1/learning-opportunities \
-H "Authorization: Bearer $SNOWDAY_DATA_API_KEY"

Failure modes

StatusTypeWhen
401unauthorizedThe Authorization header is missing, malformed, or the key is unknown.
403forbiddenThe key is valid but not permitted to access the resource.

Both responses use application/problem+json. Never log or embed API keys in client-side code; they are intended for trusted server-side callers only.

note

API keys are currently provisioned manually for internal consumers. Self-serve key management and access tiers are planned but not yet available.