Get Started / Authentication

Authentication

Converly uses API keys. Send your key as a bearer token on every request. There are no OAuth flows for the REST API itself. OAuth is only used behind the scenes when you connect an ad platform, and the connect popup handles that for you.

Your API key

API access is available on request while the program is in early access. Contact us and we’ll issue you a key. Each key carries the permissions of the account it belongs to.

sk_live_…Authorizes requests to your Converly account.

There is no separate test key. Your key is shown once when it’s created, so store it somewhere safe. You cannot fetch it again.

Making an authenticated request

Send your key in the Authorization header as a bearer token.

Terminal

curl https://app.converly.io/api/v1/account \
  -H "Authorization: Bearer sk_live_…"

Errors

A missing or invalid key returns 401 Unauthorized. A valid key that lacks the permission an endpoint needs returns 403 with insufficient_scope.

401 Unauthorized

{
  "error": {
    "type": "authentication_error",
    "code": "invalid_api_key",
    "message": "No valid API key provided."
  }
}

Keeping your key safe

Call the API from your server, never from browser or mobile client code.

Store keys in environment variables or a secrets manager, never in version control.

If a key leaks, ask us to revoke it and issue a new one. Revoking takes effect immediately.