Authentication

The Synced API uses API keys passed as Bearer tokens to authenticate requests. Every request must include a valid API key in the Authorization header.

Obtaining an API Key

Generate API keys from the Synced dashboard. See the Generate API Keys guide for step-by-step instructions.

API keys are prefixed with sk_live_ for production and sk_test_ for test environments.

Making Authenticated Requests

Include your API key in the Authorization header using the Bearer scheme:

curl https://api.meetsynced.com/v1/meetings \
  -H "Authorization: Bearer sk_live_your_api_key" \
  -H "Content-Type: application/json"

Keep your keys secret

Never expose API keys in client-side code, public repositories, or browser requests. Always use environment variables and make API calls from your server.

Error Responses

Authentication errors return standard HTTP status codes with a JSON error body:

401 Unauthorized

Returned when the API key is missing, malformed, or has been revoked.

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key. Provide a valid key in the Authorization header."
  }
}

403 Forbidden

Returned when the API key is valid but does not have the required scope for the requested resource.

{
  "error": {
    "code": "forbidden",
    "message": "Your API key does not have the required scope for this resource."
  }
}

Rate Limiting

The API enforces rate limits to ensure fair usage. Limits are applied per API key:

100 requests per minute for standard endpoints
10 requests per minute for AI-powered endpoints (e.g., recommended slots)

Rate-limited responses return a 429 Too Many Requests status with the following headers:

HTTP/1.1 429 Too Many Requests
Retry-After: 32
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1700000000

Retry-After header

When you receive a 429 response, wait the number of seconds specified in the Retry-After header before making another request.