Authentication
API keys, bearer tokens, and key rotation.
Updated May 12, 2026·1 min read
The Unison API uses bearer-token authentication. Every request must
include an Authorization: Bearer <key> header. Requests without one return
a 401.
Generating a key
- 1Open Settings → API keys in the dashboard.
- 2Click Create key, give it a name, and pick the scopes you need.
- 3The key is shown once. Copy it into your secret store immediately.
Key format
Keys look like unison_live_<32 chars> for production and
unison_test_<32 chars> for the sandbox environment. The prefix lets you
spot at a glance which environment a key belongs to.
bash
curl https://api.unison.ink/v1/me \
-H "Authorization: Bearer unison_live_d3f8a..."Scopes
| Scope | Purpose |
|---|---|
posts:write | Create, update, and delete scheduled posts. |
posts:read | Read post status and history. |
inbox:read | Read unified-inbox messages. |
inbox:write | Reply to inbox messages. |
analytics:read | Read aggregated analytics. |
Rotating a key
API keys can be rotated without downtime: create a new key, deploy it, and revoke the old one. There is no expiry on keys by default. We recommend rotating every 90 days regardless.
Treat keys like passwords. Never commit them, never log them, and never share them in support tickets. If a key leaks, revoke it immediately from the dashboard.
Was this helpful?