Authentication
SocialRouter uses bearer token authentication. Include your API key in the Authorization header on every request.
Never commit API keys to version control. Use environment variables and rotate keys quarterly.
API key format
All API keys start with sr_ followed by an environment prefix and a unique identifier:
sr_prod_aF93kn28dnQpMzx8kd # Production key
sr_dev_kJ29djKxnA8aFaj3mf # Development key
sr_test_oP38aFbXcVnMq9wn # Testing keyAuthenticating requests
import socialrouter
# Option 1: Pass directly
client = socialrouter.Client("sr_prod_your_key")
# Option 2: Environment variable (recommended)
import os
client = socialrouter.Client(os.environ["SOCIALROUTER_API_KEY"])Errors
| Code | Error | Meaning |
|---|---|---|
| 401 | missing_credentials | No Authorization header sent. |
| 401 | invalid_credentials | Key is malformed, expired, or doesn't exist. |
| 403 | key_revoked | Key was manually revoked. Create a new key. |
| 429 | rate_limited | Too many requests. See Retry-After header. |
| 402 | insufficient_credits | Account balance is zero. Top up to continue. |
Rotating keys
Best practice: rotate keys quarterly or whenever team membership changes. To rotate:
- Create a new key in the dashboard
- Deploy your application with the new key
- Verify the new key is working (check recent calls)
- Revoke the old key
Old keys continue working until you explicitly revoke them — no surprise outages.