Authentication

Every request to Churro needs a valid API key. Think of it as the secret ingredient — nothing works without it.

API Keys

You can create and manage API keys from the API Keys page in your dashboard. Each key is scoped to your account and carries full privileges.

Keep it secret, keep it safe. Never expose your API keys in client-side code, public repos, or anywhere your abuela might find them and accidentally deploy to production.

Bearer Token

Pass your key as an HTTP Bearer token in the Authorization header.

Terminal

curl https://api.churro.ai/v1/quote \ -H "Authorization: Bearer sk_live_your_key_here"

Requirements

HTTPS onlyAll requests must be over TLS. Plain HTTP calls will be rejected — we don't serve raw dough.

Key requiredUnauthenticated requests return a 401. No key, no churros.

One key per envUse separate keys for development and production. Mixing them is like mixing sugar and salt.