Authentication

Every Spate API request is authenticated with a bearer token. This page covers how to create a key, use it on requests, and rotate it when needed.

Generate a key

1. Open Settings → API at app.spate.nyc/settings/api (login required).

2. Click Create new key and give it a memorable label (e.g. local-dev or prod-server).

3. Copy the key and store it somewhere safe.

Treat keys like passwords

Keys are shown only once and grant full access to your account. Store them in a password manager, a .env file, or your platform’s secret store — never in client-side code, git, or screenshots. If a key is lost or leaked, revoke it and generate a new one.

Authorize a request

Pass the key as a bearer token in the Authorization header:

Terminal

curl "https://api.spate.nyc/v1/latest/cat1/trends/top5/popindex/us/6d408533-6979-43aa-80af-4d88bf0be860" \
    -H "Authorization: Bearer $SPATE_API_KEY"

JavaScript

fetch-trends.js

const id = "6d408533-6979-43aa-80af-4d88bf0be860";
const res = await fetch(
  `https://api.spate.nyc/v1/latest/cat1/trends/top5/popindex/us/${id}`,
  {
    headers: { Authorization: `Bearer ${process.env.SPATE_API_KEY}` },
  },
);

if (!res.ok) throw new Error(`Spate ${res.status}: ${await res.text()}`);
const { data } = await res.json();

Python

fetch_trends.py

import os
import requests

cat1_id = "6d408533-6979-43aa-80af-4d88bf0be860"
res = requests.get(
    f"https://api.spate.nyc/v1/latest/cat1/trends/top5/popindex/us/{cat1_id}",
    headers={"Authorization": f"Bearer {os.environ['SPATE_API_KEY']}"},
    timeout=10,
)
res.raise_for_status()
payload = res.json()

Missing, malformed, or revoked keys receive 401 Unauthorized.

Unauthenticated requests are never billed.

Rotate or revoke

To revoke an active key, open Settings → API and remove it. Rotating is the same flow: create a new key, swap it in your environment, then revoke the old one.

Next steps

Quick start Make your first authenticated request in under three minutes.