Authentication

Authentication header

Include your API key in the X-API-Key header:

curl -X POST https://api.heychocolate.com/graphql \
  -H "Content-Type: application/json" \
  -H "X-API-Key: sk_live_your_key_here" \
  -d '{"query": "{ me { id name tier } }"}'

Verifying your key

query {
  me {
    id
    name
    email
    organization {
      id
      name
      tier
    }
    apiKey {
      prefix
      createdAt
      lastUsedAt
      permissions
    }
  }
}

Error responses

Missing API key

{
  "errors": [
    {
      "message": "Authentication required. Provide a valid API key via the X-API-Key header.",
      "extensions": { "code": "UNAUTHENTICATED" }
    }
  ]
}

Invalid API key

{
  "errors": [
    {
      "message": "Invalid API key.",
      "extensions": { "code": "INVALID_API_KEY" }
    }
  ]
}

Insufficient permissions

{
  "errors": [
    {
      "message": "Your API key does not have permission to access this resource. Required tier: Growth",
      "extensions": { "code": "FORBIDDEN", "requiredTier": "GROWTH" }
    }
  ]
}

Key prefixes

Prefix	Environment
`sk_live_`	Production
`sk_sandbox_`	Sandbox

For detailed authentication setup, see the Authentication Guide.

Overview

Schema

Queries

Mutations

Authentication header

Verifying your key

Error responses

Missing API key

Invalid API key

Insufficient permissions

Key prefixes

Overview

Schema

Queries

Mutations

​Authentication header

​Verifying your key

​Error responses

​Missing API key

​Invalid API key

​Insufficient permissions

​Key prefixes

Authentication header

Verifying your key

Error responses

Missing API key

Invalid API key

Insufficient permissions

Key prefixes