Skip to main content

Obtaining your API key

API keys authenticate requests to the endpoints. They are static credentials tied to a user account. Contact SquadAssist to obtain an API key for your account.

Sending your API key

You can pass the API key in either of two ways. Both are accepted on every endpoint. 
curl https://api.squadassist.ai/v1/player_positions \
  -H "x-api-key: <your-api-key>"
The x-api-key header is the recommended style for server-to-server requests as it avoids ambiguity with JWT Bearer tokens.
API keys are sensitive credentials. Never expose them in client-side code, commit them to version control, or log them. Store them in environment variables or a secrets manager.

Authentication errors

Both authentication methods return the same HTTP status codes when credentials are missing or invalid.
StatusBodyCause
401{"error": "Missing API key"}No API key was sent in the request
401{"error": "Invalid API key"}The API key is not recognised or has an invalid format
401{"error": "API key is revoked"}The key has been revoked and can no longer be used
401{"error": "Invalid email or password"}Credentials supplied to /auth/login are incorrect
403{"error": "Account access denied: <reason>"}Your account exists but is inactive, not yet activated, or does not have access on your current plan
If you receive a 403 with an account access denied message, contact SquadAssist to review your account status or plan.