Getting Started

Authentication

Every API request must include a valid API key. Keys are scoped to a single brand and carry full read/write access to that brand's content.

API Keys

Generate an API key from the API Keys settings page. Each key is tied to a specific brand — if you manage multiple brands, generate a separate key for each.

Keys are prefixed with sk_ and are shown only once at creation time. Store them securely.

Using Your Key

Pass your key in the Authorization header using the Bearer scheme:

Example request
curl https://stashkit.net/api/v1/content \
  -H "Authorization: Bearer sk_your_api_key"

Keep your keys safe

Never commit API keys to version control or expose them in client-side code. Use environment variables or a secrets manager.

Key Scoping

Each API key is scoped to exactly one brand. All operations performed with that key — uploads, content updates, deletions — apply only to that brand. There is no way to access another brand's data with a given key.

Authentication Errors

If authentication fails, the API returns a 401 status with a descriptive error:

Missing header
{
  "error": "Missing or invalid Authorization header. Use: Bearer sk_your_api_key"
}

Invalid key
{
  "error": "Invalid API key"
}
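
The sketch below is an added example, not code from StashKit: it reads the key from an environment variable, builds the Bearer header, and separates the two 401 responses shown above so that a client bug is not mistaken for a rejected key. The variable name STASHKIT_API_KEY, the function names and the returned labels are assumptions made for illustration.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

KEY_ENV_VAR = "STASHKIT_API_KEY"  # assumed variable name, not defined by the docs
KEY_PREFIX = "sk_"                # prefix stated in the docs


def load_api_key(environ=os.environ):
    """Read the key from the environment and reject obviously wrong values."""
    key = environ.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    if not key.startswith(KEY_PREFIX) or len(key) == len(KEY_PREFIX):
        raise RuntimeError(f"{KEY_ENV_VAR} does not look like an sk_ key")
    return key


def build_request(url, key):
    """Build an authenticated request; refuse to send the key over plain HTTP."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {key}"})


def classify_auth_failure(status, body):
    """Map a 401 response body to a label the caller can act on (labels are illustrative)."""
    if status != 401:
        return None
    try:
        message = str(json.loads(body).get("error") or "")
    except (ValueError, AttributeError):
        message = ""  # body was not the JSON object the docs describe
    if message.startswith("Missing or invalid Authorization header"):
        return "fix-client"   # header absent or malformed: a client-side bug
    if message == "Invalid API key":
        return "check-key"    # header was well formed but the key was rejected
    return "unknown-401"
```

Pass the result of build_request to urllib.request.urlopen to send it; a 401 raises urllib.error.HTTPError, whose code and read() output can be handed to classify_auth_failure.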