Authentication
All Straply API requests require authentication via a Bearer token in the Authorization header.
API key format
Section titled “API key format”API keys use the following prefix format:
| Prefix | Environment | Usage |
|---|---|---|
stp_live_ | Production | Live property data, counts toward your plan limits |
stp_test_ | Sandbox | Returns mock data, does not count toward limits |
Example key: stp_live_a1b2c3d4e5f6g7h8i9j0
Making authenticated requests
Section titled “Making authenticated requests”Include your API key in the Authorization header as a Bearer token:
curl https://api.straply.com/v1/properties/stp_a3f7c2e91b4d \ -H "Authorization: Bearer stp_live_YOUR_KEY"Key management
Section titled “Key management”You can manage your API keys from the Dashboard:
- Create new keys at any time
- Revoke compromised keys immediately
- Roll a key to generate a new one while keeping the same permissions
Revoked keys return a 401 Unauthorized response immediately.
Security best practices
Section titled “Security best practices”- Store API keys in environment variables, not in source code
- Use test keys (
stp_test_) during development - Rotate keys periodically
- Use separate keys for separate applications
- Never expose keys in client-side code or public repositories
Error responses
Section titled “Error responses”If authentication fails, the API returns:
{ "error": { "code": "unauthorized", "message": "Invalid or missing API key.", "status": 401 }}See the Errors reference for all error codes.