Authentication

API keys

Every request must include your API key. Each key is scoped to a single organization — all data returned is automatically filtered to that organization. You can send the key in any of these headers (all are equivalent):

Header	Example
`x-spotlight-api-key`	`x-spotlight-api-key: sk_live_...`
`x-api-key`	`x-api-key: sk_live_...`
`spotlight-api-key`	`spotlight-api-key: sk_live_...`
`Authorization` (Bearer)	`Authorization: Bearer sk_live_...`

We recommend using x-spotlight-api-key as the canonical header name for clarity.

Getting a key

Go to Settings → API in the Spotlight app.
Copy the key shown on the page.
Keep it secret — treat it like a password.

Authentication errors

Status	Message	Fix
`401`	`Missing Spotlight API key`	Add one of the headers above to your request.
`401`	`Invalid API key`	The key was not found or has been revoked. Check the Settings page for your current key.

Rate limiting

API keys have a quota on the number of requests per minute, configurable per organization (default: 120 req/min). When the limit is exceeded the API returns 429 Too Many Requests.

Example

curl -s \
  -H "x-spotlight-api-key: YOUR_API_KEY" \
  "https://app.get-spotlight.com/api/v1/brands"

PaginationHow paging works across list endpoints.

⌘I

API keys
Getting a key
Authentication errors
Rate limiting
Example

Get Started

API Reference

API keys

Getting a key

Authentication errors

Rate limiting

Example

Get Started

API Reference

Documentation Index

​API keys

​Getting a key

​Authentication errors

​Rate limiting

​Example

API keys

Getting a key

Authentication errors

Rate limiting

Example