Authentication

Basics

The API authenticates with a secret API key sent as a Bearer token.

Creating a key

In the dashboard, go to My Org → Developer (Enterprise plan required). Click Create key, give it a label, and copy the secret — it's shown once and can't be retrieved again. Keys look like:

dk_live_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

You can revoke a key at any time; revocation takes effect immediately.

Making a request

Send your key in the Authorization header:

curl https://distryb.com/api/v1/me \
  -H "Authorization: Bearer dk_live_…"

GET /me returns your organization and the key's scopes — a good first call to confirm setup:

{ "org": { "id": "…", "name": "Acme Distributing", "type": "distributor" }, "scopes": ["read"] }

Scopes

Keys carry scopes. Today the API is read-only (read); write scopes are coming.

Rate limits

Each key is limited to 120 requests per minute. Exceeding it returns 429 with a Retry-After header.

Keep keys secret

Treat keys like passwords — never embed them in client-side code or commit them to source control. Use one key per integration so you can revoke individually.

← Introduction Errors & pagination →