Documentation menu

api

API authentication

Scoped bearer keys, shown once, hashed at rest.

Last updated 2026-07-10

Keys

Mint keys from the studio or via the connect flow. A key is scoped, displayed exactly once, and only its hash is stored. Rotate by revoking and minting a new one.

curl
curl https://cadenza.media/api/v1/models -H "Authorization: Bearer cadk_..."

Scopes

read, generate, brand, publish, and *. Each endpoint declares its required scope in the overview table; a key without the scope receives 403 with an explanatory message.

Sessions

Signed-in browser requests authenticate with the session cookie and behave identically to a full-scope key for your own account. One identity backs web, REST, and MCP.

Security considerations

  • Never commit a key; the connect flow exists so you never have to.
  • Use the narrowest scope that works: automation that only reads plans needs only read.
  • Revoking a key takes effect immediately.
API authentication | Cadenza Docs