API Keys
API keys allow your backend services to make authenticated calls to the SpartanAuth API without a user JWT — useful for administrative operations like creating invites, listing users, or managing sector settings programmatically.
Creating an API key
Section titled “Creating an API key”- In the dashboard, navigate to your sector and click API Keys
- Click New API Key
- Give the key a descriptive name (e.g., “Backend service - prod”)
- Click Create and copy the key immediately — it will not be shown again
Using an API key
Section titled “Using an API key”Include the API key in the X-API-Key header:
X-API-Key: <your-api-key>This header is distinct from the Authorization: Bearer header used for user JWTs — you can only send one or the other per request.
Rotating an API key
Section titled “Rotating an API key”To rotate a key, create a new one, update your deployment’s environment variable to use the new key, and then delete the old key from the dashboard.
API key vs. user JWT
Section titled “API key vs. user JWT”| API Key | User JWT | |
|---|---|---|
| Issued to | Your backend service | An end user |
| Scope | Admin access to a sector | User’s own access |
| Expires | Never (until deleted) | After a configured TTL |
| Use case | Server-to-server operations | User requests from your frontend |