Skip to main content

Authentication header

Include your API key in the X-API-Key header:
curl -X POST https://api.heychocolate.com/graphql \
  -H "Content-Type: application/json" \
  -H "X-API-Key: sk_live_your_key_here" \
  -d '{"query": "{ me { id name tier } }"}'

Verifying your key

query {
  me {
    id
    name
    email
    organization {
      id
      name
      tier
    }
    apiKey {
      prefix
      createdAt
      lastUsedAt
      permissions
    }
  }
}

Error responses

Missing API key

{
  "errors": [
    {
      "message": "Authentication required. Provide a valid API key via the X-API-Key header.",
      "extensions": { "code": "UNAUTHENTICATED" }
    }
  ]
}

Invalid API key

{
  "errors": [
    {
      "message": "Invalid API key.",
      "extensions": { "code": "INVALID_API_KEY" }
    }
  ]
}

Insufficient permissions

{
  "errors": [
    {
      "message": "Your API key does not have permission to access this resource. Required tier: Growth",
      "extensions": { "code": "FORBIDDEN", "requiredTier": "GROWTH" }
    }
  ]
}

Key prefixes

PrefixEnvironment
sk_live_Production
sk_sandbox_Sandbox
For detailed authentication setup, see the Authentication Guide.