Authentication

Overview

The Stanna API uses API keys to authenticate requests. API keys can be created and managed through your dashboard settings page.

Creating an API Key

Navigate to Settings

Go to your Stanna Dashboard and click on Settings in the navigation

Find API Keys Section

Scroll down to the API Keys section at the bottom of the settings page

Create New Key

Click the Create New Key button and provide a descriptive name for your key

Copy Your Key

Copy the generated API key immediately - it won’t be shown again for security reasons

Using Your API Key

There are two ways to include your API key in requests:

Method 1: Authorization Header (Recommended)

curl -X GET "https://api.gostanna.com/api/clients?workspaceId=yourcompany.com" \
  -H "Authorization: Bearer sk-your-api-key-here"

Method 2: X-API-Key Header

curl -X GET "https://api.gostanna.com/api/clients?workspaceId=yourcompany.com" \
  -H "X-API-Key: sk-your-api-key-here"

Example: Testing Your API Key

Here’s a simple test to verify your API key is working:

curl -X GET "https://api.gostanna.com/api/metrics/summary?workspaceId=yourcompany.com" \
  -H "Authorization: Bearer sk-your-api-key-here"

Security Best Practices

Never expose your API keys in client-side code, public repositories, or insecure locations.

Do’s

Store API keys in environment variables
Use server-side code to make API calls
Rotate keys regularly
Create separate keys for different environments (dev, staging, prod)
Delete unused keys promptly

Don’ts

Don’t embed keys in client-side JavaScript
Don’t commit keys to version control
Don’t share keys via email or chat
Don’t use the same key across multiple applications

Managing API Keys

You can manage your API keys through the settings page:

View active keys: See all your active API keys and their last usage
Delete keys: Remove keys that are no longer needed
Monitor usage: Track when each key was last used

Troubleshooting

Common Error Messages

Error	Cause	Solution
`401 Unauthorized`	Missing or invalid API key	Check that your key is correct and properly formatted
`403 Forbidden`	Valid key but wrong workspace	Ensure the workspaceId matches your key’s workspace
`429 Too Many Requests`	Rate limit exceeded	Reduce request frequency or implement exponential backoff

Testing Authentication

To test if your authentication is working correctly:

curl -I -X GET "https://api.gostanna.com/api/metrics/summary?workspaceId=yourcompany.com" \
  -H "Authorization: Bearer sk-your-api-key-here"

A successful response will return HTTP/2 200. If you see 401 or 403, check your API key and workspace ID.

Getting Started

Endpoints

Reference

Overview

Creating an API Key

Using Your API Key

Method 1: Authorization Header (Recommended)

Method 2: X-API-Key Header

Example: Testing Your API Key

Security Best Practices

Do’s

Don’ts

Managing API Keys

Troubleshooting

Common Error Messages

Testing Authentication

Getting Started

Endpoints

Reference

​Overview

​Creating an API Key

​Using Your API Key

​Method 1: Authorization Header (Recommended)

​Method 2: X-API-Key Header

​Example: Testing Your API Key

​Security Best Practices

​Do’s

​Don’ts

​Managing API Keys

​Troubleshooting

​Common Error Messages

​Testing Authentication

Overview

Creating an API Key

Using Your API Key

Method 1: Authorization Header (Recommended)

Method 2: X-API-Key Header

Example: Testing Your API Key

Security Best Practices

Do’s

Don’ts

Managing API Keys

Troubleshooting

Common Error Messages

Testing Authentication