Authentication
TL;DR
Every request needs Authorization: Bearer sk_test_YOUR_KEY. Sandbox keys start with sk_test_, production with sk_live_.
Every API request requires one header. Optionally, add a second for PMS-scoped operations and a third to choose your response format.
Required Headers
| Header | Value | Description |
|---|---|---|
| Authorization | Bearer sk_test_... | Your API key |
Optional Headers
| Header | Description |
|---|---|
| X-Account-Id | PMS account UUID — required for passthrough and some operations |
| X-Schema | Response format: calry (default), calry-v1, native |
| Idempotency-Key | Unique ID for POST/PUT/PATCH — prevents duplicate operations |
API Key Modes
sk_test_*: Pre-seeded test data. Safe for development. Includes failure scenarios.
sk_live_*: Real PMS and OTA data. Connect via the widget first.
Key Format
Newly issued keys follow Stripe's convention: an environment prefix (sk_test_ or sk_live_) followed by a 24-character random body, for a total length of 32 characters. Example:
sk_test_4eB3p2N9aZ1QrT8VkLm0XYZw   # sandbox
sk_live_9HgT7yWxM3nP4vK2bC0fDqUz   # production
The prefix tells the API which environment to route the request to and makes leaked keys easier to spot in logs. The 24-character base62 body provides the same entropy (~142 bits) as the previous bare-hex format.
Legacy Keys
No rotation required
Bare 32-character hex keys issued before the prefix migration continue to work indefinitely. Keep using them, or generate a new prefixed key from the dashboard whenever you're ready.
Legacy keys can be sent either bare (Authorization: Bearer 4eB3p2N9...) or wrapped in the prefix (Authorization: Bearer sk_test_4eB3p2N9...) — both formats validate.
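The key formats described under Key Format and Legacy Keys can be turned into a log scanner that flags and masks leaked keys. This is an added example, not code from the API or its SDKs; the function names, the `[REDACTED]` marker, the sample log lines and the choice to flag bare hex only after `Bearer ` are assumptions.

```python
import re

# Prefixed key: sk_test_/sk_live_ + 24 base62 chars, or a legacy 32-hex body
# wrapped in the same prefix. The hex alternative is tried first so a wrapped
# legacy key is not cut off after 24 characters.
PREFIXED = re.compile(
    r"(?<![0-9A-Za-z_])sk_(test|live)_([0-9A-Fa-f]{32}|[0-9A-Za-z]{24})(?![0-9A-Za-z])"
)
# A bare legacy key looks exactly like an MD5 digest, so it is only flagged
# directly after "Bearer ". Assumption: hex case is unspecified, accept both.
BARE_LEGACY = re.compile(r"(?<=Bearer )[0-9a-f]{32}(?![0-9A-Za-z])", re.IGNORECASE)


def find_keys(line):
    """Return (kind, environment, key) for every key-shaped string in line."""
    hits = []
    for m in PREFIXED.finditer(line):
        env = "production" if m.group(1) == "live" else "sandbox"
        kind = "legacy-wrapped" if len(m.group(2)) == 32 else "prefixed"
        hits.append((kind, env, m.group(0)))
    # A bare key carries no prefix, so its environment cannot be read off it.
    hits += [("legacy-bare", "unknown", m.group(0)) for m in BARE_LEGACY.finditer(line)]
    return hits


def redact(line):
    """Mask key bodies but keep the prefix so the environment stays visible."""
    line = PREFIXED.sub(lambda m: f"sk_{m.group(1)}_[REDACTED]", line)
    return BARE_LEGACY.sub("[REDACTED]", line)


# Constructed log lines; the two prefixed keys are the page's own examples.
SAMPLE_LOG = [
    "GET /v1/properties Authorization: Bearer sk_test_4eB3p2N9aZ1QrT8VkLm0XYZw",
    "retry with key=sk_live_9HgT7yWxM3nP4vK2bC0fDqUz",
    "Authorization: Bearer 0123456789abcdef0123456789abcdef",
    "cache etag=d41d8cd98f00b204e9800998ecf8427e",  # digest, must not match
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for kind, env, _ in find_keys(line):
            print(f"ALERT {kind} key ({env})")
        print(redact(line))
```

Bare legacy keys that appear outside an Authorization header are not caught by this scanner, which is one practical reason to move to a prefixed key.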
Example Request
curl https://api.repull.dev/v1/properties \
  -H "Authorization: Bearer sk_test_YOUR_KEY" \
  -H "X-Schema: calry"
Error Responses
Invalid or missing auth returns a structured error with a link to this page:
{
  "error": {
    "code": "unauthorized",
    "message": "Missing Authorization (Bearer) header",
    "docs_url": "https://repull.dev/docs/guides/authentication",
    "example": "curl /v1/properties -H \"Authorization: Bearer sk_test_KEY\""
  }
}