Authentication
Relay authenticates every API request with an API key passed as a Bearer token.
Create keys in the console under API keys. A key is shown in full exactly once at creation — store it somewhere safe. Relay only ever keeps a SHA-256 hash of it, so a leaked database never exposes a usable key.
Authorization: Bearer esk_live_7Qh...2vGood practice
- Keep keys in environment variables, never in source control.
- Use a separate key per service so you can revoke one without downtime.
- Revoking a key takes effect immediately — the next request with it gets
401 unauthorized.
A missing or unknown key returns { "error": "unauthorized" } with status 401.