Social0|Docs
API

Authentication

Authenticate API requests with Bearer API keys from the Developer dashboard.

API keys

API keys are created in the dashboard under Developer (/dashboard/api-keys).

PropertyDetail
Formatsk_live_ + random secret
StorageOnly the hash is stored server-side
VisibilityRaw key shown once on create and regenerate
Multiple keysSupported — each has name, prefix, last_used_at, created_at, optional expires_at
Revoked keysReturn 401 with invalid_api_key

There are no API key scopes today — all keys are full-access. Scoped keys may be added in a future release.

Request header

Every /v1 request must include:

Authorization: Bearer sk_live_xxxxxxxxxxxxxxxx

Example:

curl https://api.social0.app/v1/accounts \
  -H "Authorization: Bearer sk_live_YOUR_KEY"

Legacy keys

Older keys with prefix s0_live_ still work. New keys use sk_live_.

Session auth (dashboard only)

Dashboard management routes (/api/api-keys, /api/webhooks/subscriptions) use session cookies, not API keys. External integrations should use /v1 only — do not use /api/* routes from third-party clients.

Security best practices

  • Never commit keys to git — use environment variables or a secrets manager
  • Rotate keys via Regenerate in the dashboard (old key revoked immediately)
  • Revoke unused keys — delete keys you no longer need
  • Do not expose keys in client-side code — API keys belong on your server, not in browser JavaScript
  • One key per integration — makes rotation and revocation easier

Managing keys in the dashboard

See Developer settings for creating, renaming, regenerating, and revoking keys, plus webhook setup on the same page.

On this page