OceanirDocs

Dashboard
OverviewAPI ReferenceGuidesEnterpriseChangelog
← Back to Docs
Identity & Access
Authentication
API Keys
Rate Limits
Errors
Authentication

Authentication

All API requests must include a valid API key in the Authorization header. This page covers how to authenticate, manage keys, and handle auth errors.

Bearer token authentication

Include your API key in the Authorization header using the Bearer scheme. Requests without a valid key receive a 401 Unauthorized response.

Authorization: Bearer orca_live_xxxxxxxxxxxxxxxx

API key format

Oceanir API keys use the format orca_<env>_<32-char-random>. Keys are hashed before storage and cannot be recovered if lost.

PrefixEnvironment
orca_live_Production
orca_test_Sandbox (no credits deducted)

Security practices

  • —Never commit API keys to version control. Use environment variables.
  • —Rotate keys every 90 days or immediately if compromised.
  • —Use separate keys for development, staging, and production.
  • —Keys are scoped to your account. Team keys are coming soon.
API KeysRate Limits