Authentication
ArchiCore uses API keys for authentication.
Obtaining an API Key
- Log in to ArchiCore
- Go to Settings → Developer
- Click Generate API Key
- Copy and securely store your key
warning
API keys are shown only once. Store them securely!
Using the API Key
Include the key in the Authorization header:
curl -H "Authorization: Bearer sk_live_xxxxx" \
https://api.archicore.io/api/v1/projects
Or as a query parameter (not recommended):
curl "https://api.archicore.io/api/v1/projects?api_key=sk_live_xxxxx"
Key Types
| Prefix | Type | Description |
|---|---|---|
sk_live_ | Production | Full access to your account |
sk_test_ | Test | Limited access, for development |
Key Permissions
API keys inherit permissions from your account tier:
| Permission | Free | Pro | Enterprise |
|---|---|---|---|
| Read projects | ✓ | ✓ | ✓ |
| Create projects | ✓ | ✓ | ✓ |
| Analysis | ✓ | ✓ | ✓ |
| Webhooks | - | ✓ | ✓ |
| Team access | - | - | ✓ |
Revoking Keys
To revoke an API key:
- Go to Settings → Developer
- Find the key in the list
- Click Revoke
Revoked keys immediately stop working.
Security Best Practices
- Never commit API keys to version control
- Use environment variables to store keys
- Rotate keys regularly (recommended: every 90 days)
- Use test keys for development
- Monitor usage in the dashboard
Environment Variables
# .env (add to .gitignore!)
ARCHICORE_API_KEY=sk_live_xxxxx
const client = new ArchiCore({
apiKey: process.env.ARCHICORE_API_KEY
});
OAuth (Coming Soon)
OAuth 2.0 support is planned for team integrations.