Authentication

All API requests must be authenticated using either an API key or a bearer token.

Use API keys for secure, server-to-server integrations.

x-api-key: tb_live_xxxxxxxxxxxxxxxxx

API keys provide stable, long-lived authentication and are ideal for backend systems.

Use bearer tokens when acting on behalf of a signed-in dashboard user.

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Security Best Practices

Managing API Keys: Keys can be created and rotated in the dashboard under Settings → API Keys.

Never expose API keys in client-side applications (web, mobile, or public code). Always store keys securely in backend systems or secret managers.