Docs

Authentication

Every public API request is authenticated with a workspace API key. The key identifies your workspace — treat it like a password.

Creating a key

  1. In the app, go to API Keys.
  2. Create a key and give it a name (e.g. "Landing page").
  3. Copy it immediately — the full key is shown only once. If you lose it, revoke it and create a new one.

Keys can be revoked at any time from the same page; a revoked key stops working instantly.

Sending the key

Pass the key on every request in either of these headers:

Authorization: Bearer YOUR_API_KEY

or

X-API-Key: YOUR_API_KEY

Authorization: Bearer is the recommended form.

Example

curl https://crm.api.kushicorp.com/public/v1/collections/COLLECTION_ID/schema \
  -H "Authorization: Bearer YOUR_API_KEY"

A missing or invalid key returns 401:

{ "error": "invalid or missing API key" }

Keep keys server-side where you can. If a key must live in client-side/browser code (e.g. a static landing page), scope your use to record creation and rotate the key if it's ever exposed.