Authentication
All API requests require authentication via an API key. Keys are scoped to your organization and can be created in the dashboard.Sending your API key
Include your key in one of these headers (in order of preference):API key format
All keys use thedl_ prefix followed by a random string:
Scopes
Each API key has one or more scopes that control what it can access:| Scope | Grants access to |
|---|---|
equipment:read | GET /v1/equipment, GET /v1/equipment/:id, GET /v1/equipment/:id/flights |
project:read | GET /v1/projects, GET /v1/projects/:id |
service:read | GET /v1/services, GET /v1/services/:id |
403 Forbidden error.
Creating API keys
- Go to Settings > API Keys
- Click Create API Key
- Name the key (e.g., “Production integration”)
- Select the scopes you need
- Optionally set an expiration date
- Copy the generated key immediately
Security best practices
Use the minimum scopes needed
Use the minimum scopes needed
Only grant the scopes your integration actually requires. You can always create additional keys with different scopes for different services.
Set expiration dates
Set expiration dates
For temporary integrations or testing, set an expiration date. Expired keys automatically stop working.
Rotate keys regularly
Rotate keys regularly
Create a new key, update your integration, then revoke the old one. This limits exposure if a key is compromised.
Never expose keys in client-side code
Never expose keys in client-side code
API keys should only be used in server-side code. Never include them in browser JavaScript, mobile apps, or public repositories.
Error responses
| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid API key |
403 Forbidden | Key is valid but lacks the required scope |