Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.stablesea.com/llms.txt

Use this file to discover all available pages before exploring further.

API Key Authentication

Stable Sea uses API keys to authenticate your requests. You can generate them from the Terminal.
API keys are shown only once at the time of creation. Be sure to copy and store them securely — they cannot be retrieved from the dashboard after creation.
All API requests must include an Authorization header with: Bearer <api-key>

Request Example

curl -X GET "https://api-sandbox.stablesea.com/v1/organizations" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

API Key Management

Key Types

  • Sandbox Keys: 64-character hexadecimal strings for development and testing
  • Production Keys: 64-character hexadecimal strings for live transactions
API keys are 64-character lowercase hexadecimal strings (e.g., a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456)

Security Best Practices

Never commit API keys to version control or include them in client-side code. Always use environment variables or secure secret management systems.
  • Environment Variables: Store keys in environment variables, never in code
  • Key Rotation: Rotate keys every 90 days for enhanced security
  • Scope Limitation: Use separate keys for different services/environments
  • Access Monitoring: Monitor API key usage through dashboard analytics
For production environments, consider using a secrets management service like AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault to automatically rotate keys.

Key Permissions

Permission LevelDescriptionRecommended Use
Read-OnlyView resources, cannot modifyReporting, monitoring
StandardCreate/read/update operationsMost integrations
AdminFull access including deletionsAdministrative operations

Security Features

Audit Logging

All API requests are logged with:
  • Request timestamp and duration
  • Source IP address and user agent
  • API key used (masked for security)
  • Request and response status codes
Access audit logs through the Terminal dashboard or export via API.