Authentication
Two ways to authenticate — use whichever fits your integration.
Method 1: x-api-key header (recommended)
Best for server-side calls where you control the request headers.
bash
curl -X POST https://schemacheck.dev/api/v1/validate \
-H "x-api-key: sc_live_your_key_here" \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com"}'Method 2: access_key query parameter
Useful for quick browser testing and GET requests.
bash
curl "https://schemacheck.dev/api/v1/validate?url=https://example.com&access_key=sc_live_your_key_here"API key format
All API keys follow the pattern: sc_live_ followed by 32 hex characters.
Keep your API key secret. Treat it like a password. If exposed, rotate it immediately via POST /api/auth/keys.
Authentication errors
| Code | HTTP | Meaning |
|---|---|---|
| missing_api_key | 401 | No key provided |
| invalid_api_key | 401 | Key not found |
| inactive_api_key | 403 | Key has been deactivated |
| quota_exceeded | 429 | Free plan at 100/month limit |
| rate_limit_exceeded | 429 | Too many requests per minute |