Authentication

All API requests require authentication using an API key.

API Keys

You’ll find your API keys in the dashboard.

Key Type	Prefix	Use Case
Sandbox	sk_sandbox_	Development & testing
Live	sk_live_	Production

Caution

Never expose your API keys in client-side code. Always make API calls from your server.

Using Your API Key

Include your API key in the Authorization header:

cURLbash

Copy

curl https://eu.spaceinvoices.com/entities \
  -H "Authorization: Bearer YOUR_API_KEY"

Or with the SDK:

SDKtypescript

Copy

import SpaceInvoices from "@spaceinvoices/js-sdk";

const sdk = new SpaceInvoices("YOUR_API_KEY");

Environment Separation

Sandbox and live environments are completely separate:

• Different API keys
• Different data
• No cross-contamination

Environment configtypescript

Copy

// Development
const sdk = new SpaceInvoices(process.env.SI_SANDBOX_KEY);

// Production
const sdk = new SpaceInvoices(process.env.SI_LIVE_KEY);

Key Rotation

To rotate your API key:

1. Generate a new key in the dashboard
2. Update your application to use the new key
3. Revoke the old key once confirmed working

Rate Limits

Environment	Requests/minute
Sandbox	60
Live	600

When you exceed the rate limit, the API returns 429 Too Many Requests.

Security Best Practices

1. Store keys securely — Use environment variables or a secrets manager
2. Use different keys per environment — Never use production keys in development
3. Rotate regularly — Rotate keys at least quarterly
4. Monitor usage — Set up alerts for unusual API activity
5. Restrict access — Only give team members the access they need