Skip to content
Sidvy Docs Open app

Authentication

All API requests require authentication using an API key.

Getting an API Key

Section titled “Getting an API Key”
  1. Log in to Sidvy
  2. Go to Settings > API Keys
  3. Click Generate New Key
  4. Copy the key (shown only once)

See API Keys for detailed instructions.

Using Your API Key

Section titled “Using Your API Key”

Include the API key in the Authorization header of every request:

Terminal window
curl -X GET "https://sidvy.com/api/note" \
  -H "Authorization: Bearer sidvy_abc123..."

API Key Format

Section titled “API Key Format”

API keys follow this format:

  • Prefix: sidvy_
  • Random string: 32+ characters

Example: sidvy_a1b2c3d4e5f6g7h8i9j0...

Base URL

Section titled “Base URL”

All API requests use this base URL:

https://sidvy.com/api

Content Type

Section titled “Content Type”

All requests with a body must include the JSON content type header:

Content-Type: application/json

Response Format

Section titled “Response Format”

All successful responses follow this structure:

{
  "data": { ... },
  "pagination": {
    "page": 1,
    "limit": 50,
    "total": 100,
    "totalPages": 2
  },
  "count": 100
}

For single-item responses, data contains the object directly. For lists, data is an array.

Error Responses

Section titled “Error Responses”

All errors follow this structure:

{
  "error": "ERROR_CODE",
  "message": "Human-readable error message"
}

Common Error Codes

Section titled “Common Error Codes”
CodeHTTP StatusDescription
UNAUTHORIZED401Missing or invalid API key
FORBIDDEN403Access denied to resource
NOT_FOUND404Resource not found
VALIDATION_ERROR400Invalid request parameters
MALFORMED_REQUEST400Invalid JSON in request body
INTERNAL_ERROR500Server error

Authentication Errors

Section titled “Authentication Errors”

401 Unauthorized

Section titled “401 Unauthorized”
{
  "error": "UNAUTHORIZED",
  "message": "Authentication required"
}

Causes:

  • Missing Authorization header
  • Invalid API key format
  • Revoked API key

403 Forbidden

Section titled “403 Forbidden”
{
  "error": "FORBIDDEN",
  "message": "Access denied to workspace"
}

Causes:

  • Attempting to access another user’s data
  • Resource belongs to different user

Security Best Practices

Section titled “Security Best Practices”

Keep Keys Secret

Section titled “Keep Keys Secret”
  • Never commit API keys to version control
  • Use environment variables
  • Don’t expose keys in client-side code

Use HTTPS

Section titled “Use HTTPS”

All API requests must use HTTPS. HTTP requests are rejected.

Rotate Keys Periodically

Section titled “Rotate Keys Periodically”

Create new keys and revoke old ones regularly, especially if team members leave.

Monitor Usage

Section titled “Monitor Usage”

Check Settings > API Keys for last-used timestamps to detect unauthorized access.