Authentication
All API requests to SheetsJSON require authentication. We use API keys to identify and authorize requests.
API Keys
API keys are the primary method of authentication. Each key is tied to your account and has access to all sheets you’ve connected.
Creating an API Key
- Navigate to API Keys in your dashboard
- Click Create New Key
- Give your key a descriptive name
- Copy the key immediately — it won’t be shown again
Key Format
API keys follow this format:
sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
sk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-
sk_live_keys are for production use -
sk_test_keys are for development and testing
Using Your API Key
Include your API key in the Authorization header:
curl -X GET "https://api.sheetsjson.com/v1/sheets/abc123" \
-H "Authorization: Bearer sk_live_your_api_key"Alternative: Query Parameter
While we recommend using headers, you can also pass the key as a query parameter:
curl "https://api.sheetsjson.com/v1/sheets/abc123?api_key=sk_live_your_api_key"Warning: Query parameters may be logged by proxies and appear in browser history. Use headers for better security.
Error Responses
Missing API Key
{
"error": {
"code": "unauthorized",
"message": "API key is required"
}
}Invalid API Key
{
"error": {
"code": "forbidden",
"message": "Invalid API key"
}
}Rate Limited
{
"error": {
"code": "rate_limited",
"message": "Too many requests. Please retry after 60 seconds.",
"retry_after": 60
}
}Best Practices
Do
- ✅ Store API keys in environment variables
- ✅ Use different keys for development and production
- ✅ Rotate keys periodically
- ✅ Monitor key usage in the dashboard
Don’t
- ❌ Commit API keys to version control
- ❌ Share keys between applications
- ❌ Expose keys in client-side code
- ❌ Use production keys for testing
Revoking Keys
If a key is compromised:
- Go to API Keys in your dashboard
- Find the compromised key
- Click Revoke
- Create a new key and update your applications
Revoked keys are immediately invalidated and cannot be restored.