Authentication
The API authenticates with an API key. Create and manage keys on the API keys page. Keys are shown once at creation and stored only as a salted hash — we can never show them again.
Sending the key
Send your key in the Authorization header as a bearer token:
Authorization: Bearer ut_live_YOUR_KEYOr, equivalently, in the X-Api-Key header:
X-Api-Key: ut_live_YOUR_KEYRevoking keys
Revoke a key from the dashboard at any time. Revoked keys are rejected immediately with 401 unauthorized. Revocation is permanent; create a new key to rotate.
Security notes
- Never embed keys in client-side code or public repositories.
- Use a separate key per environment so you can revoke independently.
- All requests must be over HTTPS.