Authentication

Every request to the Arsel API must include a valid API key. Keys are scoped to your organization, so all usage and rate limits apply at the organization level.

API Key Format

Arsel API keys use the format:

be_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The be_ prefix identifies the key type. The remaining characters are cryptographically random.

Sending Authenticated Requests

Include your API key in the Authorization header using the Bearer scheme:

Authorization: Bearer be_your_api_key_here

Header	Value	Required
`Authorization`	`Bearer <your-api-key>`	Yes
`Content-Type`	`application/json`	Yes

Generating API Keys

Log in to your Arsel Dashboard
Navigate to Settings > API Keys
Click Create API Key and give it a descriptive name
Copy the key immediately — it is only shown once

warning

Store your API key securely. It cannot be retrieved after creation. If you lose it, revoke the old key and generate a new one.

Key Management

From the dashboard you can:

View all active keys and their last-used timestamps
Revoke keys that are no longer needed
Rotate keys by creating a new one and revoking the old one

Security Best Practices

Never expose keys in client-side code. API keys should only be used in server-to-server communication.
Use environment variables to store keys, not source code.
Rotate keys periodically and immediately if a key may have been compromised.
Use separate keys for development and production environments.

Authentication Errors

If your API key is missing, invalid, or revoked, the API returns:

{
  "status_code": 401,
  "name": "unauthorized",
  "message": "Invalid or missing API key"
}

API Key Format​

Sending Authenticated Requests​

Generating API Keys​

Key Management​

Security Best Practices​

Authentication Errors​