API Keys
Generate API keys from your dashboard settings. You can create multiple keys with different permissions.
Using API Keys
Include your API key in the Authorization header:
curl https://spike.ac/api/forms \
-H "Authorization: Bearer sk_live_abc123..."
Key Types
| Type | Prefix | Use Case |
|---|
| Live | sk_live_ | Production API calls |
| Test | sk_test_ | Development/testing |
# Form-level key only works for that form
curl https://spike.ac/api/forms/FORM_ID/submissions \
-H "Authorization: Bearer fk_abc123..."
Permissions
API keys can have different permission levels:
| Permission | Description |
|---|
read | Read submissions and form data |
write | Create and update forms |
delete | Delete forms and submissions |
admin | Full access including billing |
Security Best Practices
Never expose API keys in client-side code. Use server-side requests or environment variables.
- Rotate keys periodically
- Use form-level keys when possible
- Set minimum required permissions
- Monitor key usage in dashboard
