Authentication

All API requests require a valid API key.

Overview

SealTrail uses API keys to authenticate requests to the data API (events, chains, verification). Every request must include your API key in the Authorization header.

API key format

API keys follow a consistent prefix format that indicates their environment:

stl_live_... — Production key, logs real events
stl_test_... — Sandbox key, for development and testing

Usage

Include your API key as a Bearer token in the Authorization header:

terminal

curl https://api.sealtrail.dev/v1/events \
  -H "Authorization: Bearer stl_live_7h8i9j0k..."

example.ts

const res = await fetch("https://api.sealtrail.dev/v1/events", {
  headers: {
    "Authorization": "Bearer stl_live_7h8i9j0k...",
    "Content-Type": "application/json",
  },
});

Obtaining your API key

API keys are created and managed in the SealTrail dashboard. When you create a key, the full key is displayed once — copy and store it securely. Only the prefix (e.g. stl_live_7h8i) is visible afterwards.

API keys are shown only once when created. Store them in a secure secret manager like Doppler, AWS Secrets Manager, or your CI/CD environment variables. Never commit keys to source code.

Authentication errors

If authentication fails, the API returns one of these errors:

Status	Code	Meaning
`401`	`UNAUTHORIZED`	Missing or invalid API key
`403`	`FORBIDDEN`	Key does not have permission for this resource

error-response.json

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key"
  }
}

Management routes (creating API keys, managing tenants, billing) are only accessible through the dashboard. They use Clerk session authentication, not API keys.

← Quick Start API Reference →