Authentication
API keys and environments for the SignalSeal HTTP API.
The SignalSeal HTTP API uses bearer token authentication. Every request
must include an Authorization header:
Authorization: Bearer ssk_live_...API key format
API keys come in two flavours, scoped by environment:
| Prefix | Environment | Use for |
|---|---|---|
ssk_live_... | Production | Real traffic and production servers. |
ssk_test_... | Sandbox | Development and CI. Test keys never affect production data. |
API keys are workspace-scoped. The key's permissions are determined by the workspace member who created it - see Members & roles.
Create an API key
Open Settings → API keys
From your workspace, go to Settings → API keys → New key.
Pick the environment
Choose Live or Test. Test keys are isolated from live data - events sent with a test key won't be forwarded to your production ad networks.
Give it a name and copy the key
Name it something memorable (e.g. production-server,
ci-pipeline). The full key is shown once - copy it
into your secret store immediately. SignalSeal never shows
the full key again, only the last four characters.
Rotate or revoke a key
Open Settings → API keys, find the key, and click Revoke. The key stops working immediately. To rotate, create a new key first, deploy it, and then revoke the old one.
If you suspect a key has leaked, revoke it right away. Anything
that was happening with the old key will start failing with 401 Unauthorized - that's the signal you need to roll out the
replacement.
Example request
curl https://api.signalseal.net/v1/health \
-H "Authorization: Bearer ssk_live_xxx"{
"status": "ok"
}