API Key Authentication
Stable Sea uses API keys to authenticate your requests. You can generate them from the Terminal.
API keys are shown only once at the time of creation. Be sure to copy and
store them securely — they cannot be retrieved from the dashboard after
creation.
Authorization header with: Bearer <api-key>
Request Example
curl -X GET "https://api-sandbox.stablesea.com/v1/organizations" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"
API Key Management
Key Types
- Sandbox Keys: 64-character hexadecimal strings for development and testing
- Production Keys: 64-character hexadecimal strings for live transactions
API keys are 64-character lowercase hexadecimal strings (e.g., a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456)
Security Best Practices
Never commit API keys to version control or include them in client-side code.
Always use environment variables or secure secret management systems.
- Environment Variables: Store keys in environment variables, never in code
- Key Rotation: Rotate keys every 90 days for enhanced security
- Scope Limitation: Use separate keys for different services/environments
- Access Monitoring: Monitor API key usage through dashboard analytics
For production environments, consider using a secrets management service like
AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault to automatically
rotate keys.
Key Permissions
| Permission Level | Description | Recommended Use |
|---|
| Read-Only | View resources, cannot modify | Reporting, monitoring |
| Standard | Create/read/update operations | Most integrations |
| Admin | Full access including deletions | Administrative operations |
Security Features
Audit Logging
All API requests are logged with:
- Request timestamp and duration
- Source IP address and user agent
- API key used (masked for security)
- Request and response status codes
Access audit logs through the Terminal dashboard or export via API.
