Authentication
The Spyglasses API uses API key authentication. Each property has a unique API key that grants access to that property's data.
API Key Format
Spyglasses API keys follow this format:
The sg_ prefix identifies it as a Spyglasses API key.
Finding Your API Key
- Log in to your Spyglasses dashboard
- Select your property from the sidebar
- Navigate to Settings
- Locate the API Key section
- Click the copy button to copy your key
Using Your API Key
Include your API key in the x-api-key header of every request:
Example with POST Request
For POST requests, also include the Content-Type header:
Property ID vs API Key
Some endpoints require a propertyId parameter. This is different from your API key:
- API Key (
sg_XXX...) - Used for authentication in thex-api-keyheader - Property ID (
cm9XXX...) - Used to identify which property's data you want to access
To get your property ID, call the /api/me endpoint:
The response includes your propertyId:
Security Best Practices
Your API key grants full access to your property's analytics data. Keep it secure!
Do
- Store API keys in environment variables
- Use server-side code to make API requests
- Rotate keys if you suspect they've been compromised
Don't
- Commit API keys to version control
- Expose API keys in client-side JavaScript
- Share API keys in public forums or documentation
Regenerating Your API Key
If your API key is compromised, you can regenerate it:
- Go to your property Settings
- Find the API Key section
- Click Regenerate API Key
- Update your integrations with the new key
Regenerating your API key immediately invalidates the old key. Make sure to update all your integrations.