> ## Documentation Index
> Fetch the complete documentation index at: https://docs.storytime.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Generating an API Key

The Storytime API uses **API keys** sent as a Bearer token. Every request to a `/v1/*` endpoint must include:

<ParamField path="Authorization" header="Authorization" type="string">
  Bearer pk\_live\_xxxxxxxxxxxxxxxxxxxxxxxx
</ParamField>

Keys are prefixed `pk_live_…` (production).

Treat a key like a password — it carries your brand's access.

## Generating a key

API keys are created from the Storytime brand dashboard:

1. Go to your **Profile → Developers → API Keys**
2. Click **Create key** and give it a name (e.g. `Production`, `Zapier`), and select the **scopes** it needs.
3. Optionally set an **expiry** (30 days / 90 days / 1 year); otherwise the key never expires.
4. **Copy the key immediately** — for security the full token is shown **only once** and cannot be retrieved again. Store it in a secrets manager.

<Warning>
  Don't see the Developers section? API access is enabled per brand — contact Storytime support to turn it on for your account.
</Warning>

## Scopes

(grant the minimum a key needs)

| Scope            | Grants                  |
| ---------------- | ----------------------- |
| `campaigns:read` | Read campaigns          |
| `campaigns:writ` | Create & edit campaigns |
| `analytics:read` | Read campaign analytics |

## Managing Keys

* **Rotate:** create a new key, update your integration, then revoke the old one - zero downtime (you can hold multiple active keys).
* **Revoke:** revoke a key from the dashboard at any time. Requests with a revoked or expired key are rejected immediately with **401**
* **Rate limit:** each key is limited to **600 requests/minute**. Exceeding it returns **429** `RATE_LIMITED`
