Skip to main content
SkillDiscs uses bearer-token authentication. Every request must include your API key in the Authorization header.
Authorization: Bearer sk_your_key_here

Generating keys

Keys live under Settings → API Keys.
  • Click Generate, give the key a memorable name.
  • The full sk_... token is shown once at creation.
  • Only the prefix (sk_a3f9...) is stored after that — you cannot retrieve a lost key.

Scope

A key is bound to the user who created it. Current production behavior:
  • POST /search searches owned Disks only.
  • GET /disks can list owned and active-saved Disks with scope.
  • GET /disks/{id} can read an owned Disk, or an active-saved Disk when the key owner has saved it.
  • POST /disks/batch is owned-only.
Verbatim source text is only returned for owner-private Disks. Published or saved Disks return redacted shapes with summaries, key points, metadata, and short snippets where available.

Rotation

To rotate:
  1. Generate a new key.
  2. Update your client / agent / .env with the new value.
  3. Delete the old key from Settings.
There is no overlap window enforced — rotate as fast or slow as your deploys allow.

Errors

Statuserror codeCause
401unauthorizedMissing header, malformed token, deleted key
429rate_limit_exceeded>100 req/min on the same key
500internal_errorServer-side issue — retry with backoff
429 responses include retry_after (seconds) in the JSON body.