API Keys
API keys allow your backend services to make authenticated calls to the SpartanAuth API without a user JWT — useful for administrative operations like creating invites, listing users, or managing sector settings programmatically.
Creating an API key
Section titled “Creating an API key”- In the dashboard, navigate to your sector and click API Keys
- Click New API Key
- Give the key a descriptive name (e.g., “Backend service - prod”)
- Click Create and copy the key immediately — it will not be shown again
Using an API key
Section titled “Using an API key”Include the API key in the Authorization header as a Bearer token:
Authorization: Bearer <your-api-key>The SpartanAuth API accepts both user JWTs and API keys in the same header. API key requests are identified server-side and granted admin-level access to the sector they belong to.
Rotating an API key
Section titled “Rotating an API key”To rotate a key, create a new one, update your deployment’s environment variable to use the new key, and then delete the old key from the dashboard.
API key vs. user JWT
Section titled “API key vs. user JWT”| API Key | User JWT | |
|---|---|---|
| Issued to | Your backend service | An end user |
| Scope | Admin access to a sector | User’s own access |
| Expires | Never (until deleted) | After a configured TTL |
| Use case | Server-to-server operations | User requests from your frontend |