Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.streampixel.io/llms.txt

Use this file to discover all available pages before exploring further.

API keys authenticate your REST requests. Keys are issued per user and inherit that user’s project access. Pass the key in the JSON body alongside your userId.

Generate a key

1

Sign in to the dashboard

Open dashboard.streampixel.io and sign in.
2

Open your account menu

Click your account name in the top-right corner.
3

Request the key

Click Request API Key. The key is sent to your registered email address and shown once in the dashboard.
4

Copy and store it

Save the key in a password manager or secrets store immediately.
An API key is shown only once. If you lose it, you must generate a new one — there is no way to retrieve the original.

Use a key in a request

Pass it as apiKey in the JSON body — never as an Authorization header. Every call also needs your userId and projectId. 
curl -X POST https://api.streampixel.io/pixelStripeApi/projects/upload-file \
  -H "Content-Type: application/json" \
  -d '{
    "apiKey": "YOUR_API_KEY",
    "userId": "YOUR_USER_ID",
    "projectId": "YOUR_PROJECT_ID",
    "fileUrl": "https://storage.example.com/build.zip"
  }'

Key scope

A key inherits the access of the user it was generated for:
  • Account owner — the key works on every project in the account.
  • Team member with FULL access — the key works on every project in their access list.
  • Team member with READONLY access — the key only works for read endpoints on projects in their access list.
If a team member is removed from a project, their key immediately stops working on that project.

Rotate a key

Rotation is one-step: requesting a new key invalidates the previous one.
1

Generate a new key

Click Request API Key in your account menu.
2

Update your integrations

Replace the old key everywhere it is used — env vars, CI secrets, deploy configs.
3

Verify

Make a test request. A 401 Unauthorized: Invalid API Key means an integration still references the old value.
Generating a new key takes effect immediately. Any service still using the old key will fail with 401 until you update it.

Security best practices

  • Never commit keys to source control. Use env vars or a secrets store.
  • Server-side only. Don’t embed in browser bundles, mobile binaries, or anything users can decompile.
  • Rotate on suspected exposure. Accidentally pushed to GitHub → rotate immediately, then scrub the commit.
  • Limit teammate scope. Use READONLY or per-project access — their keys inherit the restrictions.

Troubleshooting

StatusMessageCause
401Unauthorized: Invalid API KeyKey was rotated, mistyped, or belongs to a different account
401Invalid UseruserId does not match the key’s owner
403ForbiddenKey owner has no access to the requested project

Next steps

API authentication

Full reference for the auth model used by every endpoint.

Find your IDs

Locate userId and projectId for use in requests.

Team members

Control who can issue keys and which projects they cover.

Webhooks

Get push notifications instead of polling the API.