Authentication
Authentication is bearer-key based and intentionally simple, but secure key handling practices are required for production.
Every API call must include Authorization: Bearer <SYLICA_API_KEY>. If the header is missing, malformed, revoked, or expired, the request fails with 401 authentication_error.
For teams with multiple environments, issue separate keys per environment and service boundary. This gives you cleaner auditing and safe key rotation without cross-service coupling.
Required Header
Authorization: Bearer sk-sylica-xxxxxxxxxxxxxxxx
Key Management Instructions
Keep root API keys in server-side secret stores only. For client-facing products, mint short-lived scoped tokens on your backend if direct browser calls are unavoidable. Rotate static keys regularly, and rotate immediately after accidental exposure.
During incident analysis, correlate application logs with x-sylica-request-id from response headers. This request identifier is the fastest path to upstream trace context.
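The helpers below are an added example, not code from Sylica: they build the required header from a server-side environment variable, scrub keys out of log messages, and record x-sylica-request-id for each response. The environment variable name, the key character set in the regex, and the log field names are assumptions.

```python
import logging
import os
import re

# Matches the key prefix shown above (sk-sylica-...); the character set
# after the prefix is an assumption.
KEY_PATTERN = re.compile(r"sk-sylica-[A-Za-z0-9_-]+")


def auth_headers(env=os.environ):
    """Build the required header from a server-side environment variable."""
    key = env.get("SYLICA_API_KEY", "").strip()  # variable name is an assumption
    if not key:
        raise RuntimeError("SYLICA_API_KEY is not set")
    return {"Authorization": f"Bearer {key}"}


def redact(text):
    """Replace anything that looks like a key before it reaches a log sink."""
    return KEY_PATTERN.sub("sk-sylica-[REDACTED]", text)


class RedactKeys(logging.Filter):
    """Logging filter that scrubs keys from each record's final message."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = None  # message is already formatted
        return True


def response_log_fields(status, response_headers, env_name):
    """Fields to log per API response so incidents can be correlated later."""
    lowered = {k.lower(): v for k, v in response_headers.items()}
    return {
        "env": env_name,
        "status": status,
        "sylica_request_id": lowered.get("x-sylica-request-id", "missing"),
        # 401 means the key is missing, malformed, revoked, or expired, so a
        # retry with the same key cannot succeed; flag it for a key check.
        "action": "check_key" if status == 401 else "none",
    }
```

Attach the filter with `handler.addFilter(RedactKeys())` on every handler that writes application logs.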