Authentication
The Data API authenticates server-to-server requests with API keys. Every
request to a /v1 endpoint must include a bearer token:
Authorization: Bearer <your-api-key>
Each API key authenticates a single trusted server-side caller. You may be issued more than one key (for example one per environment or workload); treat every key as a secret.
Example
curl https://api.data.snow.day/v1/learning-opportunities \
-H "Authorization: Bearer $SNOWDAY_DATA_API_KEY"
Failure modes
| Status | Type | When |
|---|---|---|
401 | unauthorized | The Authorization header is missing, malformed, or the key is unknown. |
403 | forbidden | The key is valid but not permitted to access the resource. |
Both responses use application/problem+json. Never log or embed API keys in
client-side code; they are intended for trusted server-side callers only.
note
API keys are currently provisioned manually for internal consumers. Self-serve key management and access tiers are planned but not yet available.