API Keys
API keys authenticate server-to-server requests to AstroAPI.
They are required for all /api/astro/* endpoints.
Primary API Key
Use this key in your backend services to call AstroAPI. No login or session is required.
Keep this key secret. Never expose it in frontend JavaScript, public repositories, or client-side apps. Rotate the key immediately if it is ever leaked.
How API keys work
- API keys authenticate requests to /api/astro/*.
- They identify your account, not an individual user.
- Billing and limits are enforced server-side.
- JWT login is used only for this dashboard.
Best practices
- Store keys in environment variables or a secrets manager.
- Use separate keys per environment (dev, staging, prod).
- Rotate keys regularly and after any suspected compromise.
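The practices above, written as a startup check a backend service might run. This is an added example, not AstroAPI code; the ASTROAPI_KEY_<ENV> variable names and the load_api_key and fingerprint helpers are assumptions made for illustration.

```python
import hashlib
import os

# Hypothetical naming scheme (not defined by AstroAPI): one variable per environment.
ENVIRONMENTS = ("dev", "staging", "prod")


def env_var_name(environment):
    return f"ASTROAPI_KEY_{environment.upper()}"


def fingerprint(key):
    """Short SHA-256 prefix to write to logs in place of the key itself."""
    return hashlib.sha256(key.encode()).hexdigest()[:12]


def load_api_key(environment, environ=os.environ):
    """Return the key for one environment, failing closed on misconfiguration."""
    if environment not in ENVIRONMENTS:
        raise ValueError(f"unknown environment: {environment!r}")
    name = env_var_name(environment)
    key = environ.get(name, "").strip()
    if not key:
        # Refuse to start rather than fall back to a hard-coded or shared key.
        raise RuntimeError(f"{name} is not set")
    # Separate keys per environment: reject a key also configured for another one.
    for other in ENVIRONMENTS:
        if other != environment and environ.get(env_var_name(other), "").strip() == key:
            raise RuntimeError(
                f"{name} reuses the {other} key (fingerprint {fingerprint(key)})"
            )
    return key


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    sample = {
        "ASTROAPI_KEY_DEV": "dev-constructed-1",
        "ASTROAPI_KEY_PROD": "prod-constructed-2",
    }
    key = load_api_key("prod", sample)
    print("loaded prod key, fingerprint", fingerprint(key))
```

Logging the fingerprint before and after a rotation confirms that the service picked up the new key without the key itself ever reaching the logs.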
Coming soon
Multiple API keys, per-project usage tracking, and fine-grained access scopes.