Skip to content

API Keys

API keys allow your backend services to make authenticated calls to the SpartanAuth API without a user JWT — useful for administrative operations like creating invites, listing users, or managing sector settings programmatically.

  1. In the dashboard, navigate to your sector and click API Keys
  2. Click New API Key
  3. Give the key a descriptive name (e.g., “Backend service - prod”)
  4. Click Create and copy the key immediately — it will not be shown again

Include the API key in the X-API-Key header:

X-API-Key: <your-api-key>

This header is distinct from the Authorization: Bearer header used for user JWTs — you can only send one or the other per request.

To rotate a key, create a new one, update your deployment’s environment variable to use the new key, and then delete the old key from the dashboard.

API KeyUser JWT
Issued toYour backend serviceAn end user
ScopeAdmin access to a sectorUser’s own access
ExpiresNever (until deleted)After a configured TTL
Use caseServer-to-server operationsUser requests from your frontend