Authentication

The API authenticates with an API key. Create and manage keys on the API keys page. Keys are shown once at creation and stored only as a salted hash — we can never show them again.

Sending the key

Send your key in the Authorization header as a bearer token:

Authorization: Bearer ut_live_YOUR_KEY

Or, equivalently, in the X-Api-Key header:

X-Api-Key: ut_live_YOUR_KEY

Revoking keys

Revoke a key from the dashboard at any time. Revoked keys are rejected immediately with 401 unauthorized. Revocation is permanent; create a new key to rotate.

Security notes

  • Never embed keys in client-side code or public repositories.
  • Use a separate key per environment so you can revoke independently.
  • All requests must be over HTTPS.