SoftSolzSoftSolz
HomeAPI GuideAPI ReferenceWidget Tester

Authentication

Secret keys, public keys, scopes, and sandbox vs live.

SoftSolz uses two kinds of keys.

KeyPrefixUsed forWhere
Secret keysk_test_* / sk_live_*Server-to-server API callsBackend only - never ship in a browser
Public keypk_test_* / pk_live_*Embed widgetsSafe in the browser, locked to a domain allowlist

Legacy svai_test_* / svai_live_* secret keys keep working.

Secret keys

Send the key as a Bearer token:

bash
curl https://app.softsolz.uk/api/v1/services/forms/forms \
-H "Authorization: Bearer sk_live_your_key"

Test vs live

sk_test_* keys route to your paired sandbox workspace; sk_live_* keys hit live data. Test keys never see live data, and live keys never see sandbox data.

Scopes

Every key carries service.<service>.<action> scopes (for example service.forms.submit). A request missing the required scope returns 403 with code: missing_scope. A key can only be created with scopes the creator's role already grants.

Keep secret keys secret

sk_* keys grant full server access. Store them in your server environment, never in client-side code or a public repo. Rotate immediately if one leaks.

Caps

Up to 100 active API keys per workspace.