Authentication

Authenticate every API call with a developer key.

Cannon Studio API requests are authenticated with API keys created in the developer console. Keys can be used in the `x-api-key` header or as a bearer token.

Headers

x-api-key: cs_live_...

Recommended for direct server-to-server requests.

Authorization: Bearer cs_live_...

Supported if your existing client stack expects bearer auth.

Key management

  • Create keys from the developer console under API Keys.
  • Keys are masked after creation and the full secret is not shown again.
  • Use `GET /api/v1/status` to confirm a key is valid before creating work.
  • Revoke compromised or retired keys immediately from the console.

Best practices

  • Keep API keys on the server side only.
  • Use separate keys for local, staging, and production environments.
  • Pair writes with `x-idempotency-key` so retries do not create duplicate work.
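
The practices above as a server-side Python client, added here as an example and not Cannon Studio's own code: it loads the key from the environment, masks it for logs, checks it with `GET /api/v1/status`, and reuses one `x-idempotency-key` across retries of a write. The base URL, the `CANNON_STUDIO_API_KEY` variable name, POST as the write method, and a 200 status meaning the key is accepted are assumptions; the page does not state them.

```python
import os
import uuid
import urllib.error
import urllib.request

BASE_URL = "https://api.example.invalid"  # placeholder: the page does not give the host
KEY_ENV = "CANNON_STUDIO_API_KEY"         # assumed variable name, one value per environment

def load_key():
    """Read the key from the server's environment, never from source or client code."""
    key = os.environ.get(KEY_ENV, "")
    if not key:
        raise RuntimeError(f"{KEY_ENV} is not set")
    return key

def mask(key):
    """Loggable form of a key: 8-character prefix and last 4 characters only."""
    return f"{key[:8]}...{key[-4:]}" if len(key) > 16 else "***"

def build_request(method, path, key, body=None, idempotency_key=None, bearer=False):
    """x-api-key by default; Authorization: Bearer for stacks that expect it."""
    headers = {"Authorization": f"Bearer {key}"} if bearer else {"x-api-key": key}
    if idempotency_key:
        headers["x-idempotency-key"] = idempotency_key
    return urllib.request.Request(BASE_URL + path, data=body, method=method, headers=headers)

def http_send(req):
    """Send a request and return the HTTP status; network failures raise OSError."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code

def key_is_valid(key, send=http_send):
    """Status check before creating work. Assumption: 200 means the key is accepted."""
    return send(build_request("GET", "/api/v1/status", key)) == 200

def write_with_retry(path, key, body, send=http_send, attempts=3):
    """Retry a write on network errors, reusing ONE idempotency key for all attempts."""
    idem = str(uuid.uuid4())
    last_error = None
    for _ in range(attempts):
        try:
            return send(build_request("POST", path, key, body, idempotency_key=idem))
        except OSError as exc:
            last_error = exc
    raise last_error
```

Generating the idempotency key once, outside the retry loop, is what makes the retries safe; a fresh key per attempt would defeat the deduplication the header exists for.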