Learn how to authenticate with the Curyloop API using API keys and understand token management.
Authentication
Curyloop uses API keys for authentication. Each key is scoped to your user account and has access to all groups you're a member of.
Creating an API Key
- Go to Settings > API Keys in your dashboard
- Click Create API Key
- Give it a descriptive name (e.g., "CI/CD Pipeline", "Chrome Extension")
- Choose an expiration period or select "Never"
- Copy the key immediately -- it won't be shown again
Using Your API Key
Include the key in the Authorization header as a Bearer token:
bash
curl -H "Authorization: Bearer clp_abc123..." \
https://curyloop.com/api/v1/groups
JavaScript
javascript
const response = await fetch("https://curyloop.com/api/v1/groups", {
headers: {
Authorization: "Bearer clp_abc123...",
"Content-Type": "application/json",
},
});
const { data } = await response.json();
Python
python
import requests
response = requests.get(
"https://curyloop.com/api/v1/groups",
headers={"Authorization": "Bearer clp_abc123..."},
)
data = response.json()["data"]
Testing Your Key
After creating a key, use the Test Key button in the dashboard or make a test request:
bash
curl -X POST https://curyloop.com/api/extension/auth \
-H "Authorization: Bearer clp_abc123..."
A successful response confirms your key is valid.
Revoking Keys
You can revoke an API key at any time from the API Keys settings page. Revoked keys immediately stop working and cannot be restored.
Security Best Practices
- Never commit API keys to version control
- Use environment variables to store keys
- Set expiration dates for keys used in less secure environments
- Rotate keys periodically
- Use separate keys for different integrations