Authentication

All requests to the GraphQL endpoint require a valid API key.

Passing your API key

Provide the key via either of these methods:

x-api-key header
curl -X POST https://api.definitiv.io/graphql \
  -H "Content-Type: application/json" \
  -H "x-api-key: pk_your_api_key_here" \
  -d '{"query": "{ ... }"}'
Authorization: Bearer
curl -X POST https://api.definitiv.io/graphql \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer pk_your_api_key_here" \
  -d '{"query": "{ ... }"}'

Key format

API keys are prefixed with pk_ followed by a 64-character hex string:

pk_a1b2c3d4e5f6...
Warning
Your API key is shown once when generated. Store it securely — lost keys cannot be recovered.

Error responses

Missing or invalid keys return HTTP 401:

Missing key
{
  "errors": [
    {
      "message": "Missing API key. Provide via x-api-key header or Authorization: Bearer <key>."
    }
  ]
}
Invalid or revoked key
{
  "errors": [
    {
      "message": "Invalid or revoked API key."
    }
  ]
}