Skip to main content

Documentation Index

Fetch the complete documentation index at: https://dev.1st.app/llms.txt

Use this file to discover all available pages before exploring further.

Send your key in the Authorization header on every request: 
Authorization: Bearer YOUR_API_KEY
That’s it. The key already knows which team you’re on, so you never pass a team ID.

Create or revoke a key

Both happen at dashboard.1st.app/integrations/api-keys. You’ll see the new key once on the screen; copy it somewhere safe because it won’t show again. If a key leaks, click Revoke on the same page. The kill takes effect within seconds. Then create a fresh one.

Where to store your key

  • In a secret manager (Doppler, AWS Secrets Manager, Vercel env vars, GitHub Actions secrets).
  • Or as an environment variable in your script (ST_API_KEY is the name our examples use).
Never commit it to a repo, paste it into a Notion doc, or share it in Slack. Pasting it into Claude or ChatGPT to ask for help is fine, but treat that key as exposed afterwards and rotate it when you’re done.

Keys can expire

When you create a key, you can pick an expiry (90 days, 1 year, or never). After that date passes, the key stops working and you get an api_key_expired error. Rotate before it expires by creating a new key, swapping it into your integration, then revoking the old one.

Errors

CodeWhat happened
api_key_missingNo Authorization header on the request.
api_key_invalidHeader malformed or the key isn’t recognized.
api_key_revokedThe key was revoked. Create a new one.
api_key_expiredThe key passed its expiry date. Create a new one.
insufficient_scopeYour key is read-only but you tried to change something. Create a read+write key.