Authentication
Criffy public data integrations use a Bearer API key. Dashboard account actions use a signed-in session and are not part of the Bearer-auth data API.1. Bearer API keys for public data
All public data endpoints under/api/v1/* require a Bearer API key and an active Pro+ subscription.
invalid_api_keysubscription_required
2. Managing your key
Generate, rotate, or revoke your API key from the Criffy dashboard:- Buy or upgrade to a Pro+ plan.
- Sign in to your account.
- Open Settings -> API.
- Manage the key and usage there.
Practical guidance
- Use Bearer API keys for backend-to-backend access to public data.
- Do not expose API keys in browser or mobile client code.
- Store the plaintext key securely when it is created or regenerated. It is only shown once.
- Rotate the key from Settings -> API if it is exposed.
- Check current monthly usage from Settings -> API.
- Use the dashboard for key management, and use Bearer authentication for external integrations.

