Authentication

Relay authenticates every API request with an API key passed as a Bearer token.

Create keys in the console under API keys. A key is shown in full exactly once at creation — store it somewhere safe. Relay only ever keeps a SHA-256 hash of it, so a leaked database never exposes a usable key.

Authorization header
Authorization: Bearer esk_live_7Qh...2v

Good practice

A missing or unknown key returns { "error": "unauthorized" } with status 401.