# API Authentication

All Streampixel API endpoints require an **API Key** for authentication. The key is passed in the request body (not as a header).

## Generating Your API Key

1. Log in to your [Streampixel Dashboard](https://dashboard.streampixel.io)
2. Click your **account name** in the top-right corner
3. Click the **"Request API Key"** button
4. The API key will be sent to your registered email address

{% hint style="danger" %}
Your API key is shown **only once**. Copy and store it securely — you will not be able to view it again.
{% endhint %}

{% hint style="warning" %}
Requesting a new API key will **automatically invalidate** the previous one. Any integrations using the old key will stop working immediately.
{% endhint %}

## Using Your API Key

Include the `apiKey` field in the JSON body of every API request:

{% tabs %}
{% tab title="cURL" %}

```bash
curl -X POST https://api.streampixel.io/pixelStripeApi/projects/upload-file \
  -H "Content-Type: application/json" \
  -d '{
    "apiKey": "your-api-key-here",
    "userId": "your-user-id",
    "projectId": "your-project-id",
    "fileUrl": "https://storage.example.com/build.zip"
  }'
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
const response = await fetch(
  'https://api.streampixel.io/pixelStripeApi/projects/upload-file',
  {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      apiKey: 'your-api-key-here',
      userId: 'your-user-id',
      projectId: 'your-project-id',
      fileUrl: 'https://storage.example.com/build.zip',
    }),
  }
);
```

{% endtab %}

{% tab title="Python" %}

```python
import requests

response = requests.post(
    'https://api.streampixel.io/pixelStripeApi/projects/upload-file',
    json={
        'apiKey': 'your-api-key-here',
        'userId': 'your-user-id',
        'projectId': 'your-project-id',
        'fileUrl': 'https://storage.example.com/build.zip',
    }
)
```

{% endtab %}
{% endtabs %}

## Error Responses

| Status | Message                         | Cause                                        |
| ------ | ------------------------------- | -------------------------------------------- |
| `401`  | `Unauthorized: Invalid API Key` | The API key is wrong or has been invalidated |
| `401`  | `Invalid User`                  | The `userId` doesn't match any account       |

{% hint style="info" %}
If you receive a `401` error, generate a new API key from the dashboard and update your integration.
{% endhint %}

## Security Best Practices

{% hint style="success" %}

* **Never** expose your API key in frontend code, public repos, or client-side applications
* Store it in environment variables or a secrets manager
* Rotate your key periodically by requesting a new one from the dashboard
* Use HTTPS for all API requests (the API only accepts HTTPS)
  {% endhint %}