All requests are authenticated with an API key that Recnote issues to your organisation. During the integration and testing phase you get a single key to work against; we agree on the long-term authentication model (per-user keys, environment separation, rotation policy) once the integration takes shape.

Sending the key

Pass it in either header:
Authorization: Bearer rec_sk_your_key_here
or
X-API-Key: rec_sk_your_key_here

Verify

curl https://api.recnote.ai/api/v1/ping \
  -H "Authorization: Bearer rec_sk_your_key_here"

{ "ok": true, "service": "recnote-api", "version": "1" }

Handling

  • Treat the key as a secret. Store it in your secrets manager, never in source control or client-side code.
  • Keys are prefixed rec_sk_ so leaked keys are flagged by secret scanners.
  • All traffic is TLS 1.2+. Requests over plain HTTP are rejected.
A missing or invalid key returns 401 Unauthorized.
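
The ping check above, written as an added example (not Recnote's own tooling) that follows the handling rules: the key is read from the environment, plain HTTP is refused before the key is attached, and a 401 is reported separately from other failures. The variable names RECNOTE_API_KEY and RECNOTE_BASE_URL, the function names and the exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Recnote's own tooling.
# Assumption: your secrets manager injects the key as RECNOTE_API_KEY.
RECNOTE_BASE_URL="${RECNOTE_BASE_URL:-https://api.recnote.ai/api/v1}"

# Refuse anything that is not an https:// URL before the key is attached.
recnote_check_url() {
  case "$1" in
    https://*) return 0 ;;
    *) echo "refusing non-HTTPS URL: $1" >&2; return 2 ;;
  esac
}

# Refuse an unset key, a wrong prefix, or the documentation placeholder.
recnote_check_key() {
  case "${RECNOTE_API_KEY:-}" in
    rec_sk_your_key_here) echo "placeholder key in use" >&2; return 3 ;;
    rec_sk_?*) return 0 ;;
    *) echo "RECNOTE_API_KEY is unset or lacks the rec_sk_ prefix" >&2; return 3 ;;
  esac
}

# Call /ping. Returns 0 on HTTP 200, 4 on 401, 5 on anything else.
recnote_ping() {
  recnote_check_url "$RECNOTE_BASE_URL" || return $?
  recnote_check_key || return $?
  # The header is fed on stdin (-H @-, curl 7.55.0 or later) so the key never
  # appears in curl's argv or `ps` output; printf is a builtin in bash and dash.
  status=$(printf 'Authorization: Bearer %s\n' "$RECNOTE_API_KEY" |
    curl --silent --output /dev/null --write-out '%{http_code}' \
         --proto '=https' --tlsv1.2 --max-time 10 \
         -H @- "$RECNOTE_BASE_URL/ping") || status="000"
  case "$status" in
    200) return 0 ;;
    401) echo "401 Unauthorized: key missing or invalid" >&2; return 4 ;;
    *)   echo "unexpected HTTP status: $status" >&2; return 5 ;;
  esac
}
```

Source the file and run `recnote_ping` from a deploy or CI step; a non-zero exit stops the pipeline before any real request is sent with a bad key.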