API Keys
API keys authenticate your server-to-server requests to the Public API at api.siliconwit.io.
Requirements
Section titled “Requirements”- Paid plan required (Starter, Business, Scale, or Enterprise)
- Free plan users cannot create API keys
- Maximum 5 active keys per account
Creating a Key
Section titled “Creating a Key”- Go to Dashboard → Settings
- Scroll to the API Keys section
- Click Create API Key
- Enter a descriptive name (e.g., “Production Server”, “CI Pipeline”)
- Copy the full key immediately
Key Format
Section titled “Key Format”API keys use the prefix swk_ followed by 24 base62 characters (28 characters total):
swk_AbCdEfGhIjKlMnOpQrStUvWxIn your dashboard, keys are displayed by their prefix only (first 8 characters) for identification.
Using a Key
Section titled “Using a Key”Include your API key as a Bearer token in the Authorization header:
curl https://api.siliconwit.io/v1/devices \ -H "Authorization: Bearer swk_your_full_key_here"See the Public API Reference for all available endpoints.
Managing Keys
Section titled “Managing Keys”From Dashboard → Settings → API Keys, you can:
| Action | Description |
|---|---|
| Create | Generate a new key (up to 5 active) |
| Rename | Change a key’s display name |
| Revoke | Permanently disable a key |
Revoked keys cannot be re-activated. Create a new key instead.
Security
Section titled “Security”Key Storage
Section titled “Key Storage”Keys are stored as SHA-256 hashes in the database. The platform never stores your full key — only you have it.
Automatic Revocation
Section titled “Automatic Revocation”All your API keys are automatically revoked if:
- Your account is suspended by an administrator
- Your paid plan expires (after the 7-day warning period)
- Your subscription is cancelled (e.g., via Paystack)
- An admin downgrades your plan to Free
After revocation, any API requests using those keys will return 401 Unauthorized. If you upgrade again, you will need to create new API keys.
See Account Setup - What Happens on Downgrade for full details.
Best Practices
Section titled “Best Practices”- Use separate keys for different environments (dev, staging, production)
- Rotate keys periodically
- Revoke keys immediately if compromised
- Never commit keys to source control — use environment variables
- Never expose keys in client-side code
Error Responses
Section titled “Error Responses”| Status | Meaning |
|---|---|
| 401 | Missing or invalid API key |
| 403 | Account suspended or on free plan |
Next Steps
Section titled “Next Steps”- Public API Reference — All endpoints and examples
- API Overview — Device API vs Public API