Stash Documentation
Integration GuidesAPI ReferenceWork with Us
API Keys

Using API Keys

Learn how to use API keys to authenticate requests to Stash services. Includes authentication header format and code examples in multiple languages.

Authentication Header

Include your API key in the X-Stash-Api-Key header for all authenticated requests:

X-Stash-Api-Key: your-api-key-secret-here

Make sure API key requests are made from your server, not the client, so the API key remains private.

Code Examples

The following examples show the general pattern for making authenticated API requests. For product-specific examples and detailed integration guides, see the product-specific authentication pages.

cURL

Generic API Request Example
curl -X POST https://api.stash.gg/api/v1/sdk/endpoint \
  -H "X-Stash-Api-Key: your-api-key-secret-here" \
  -H "Content-Type: application/json" \
  -d '{
    "shop_handle": "your-shop-handle",
    ...
  }'

Node.js

Node.js Example
const axios = require("axios");

async function makeAuthenticatedRequest(endpoint, data) {
  const response = await axios.post(
    `https://api.stash.gg/api/v1/sdk/${endpoint}`,
    {
      shop_handle: "your-shop-handle",
      ...data,
    },
    {
      headers: {
        "X-Stash-Api-Key": process.env.STASH_API_KEY,
        "Content-Type": "application/json",
      },
    }
  );
  return response.data;
}

Python

Python Example
import requests
import os

def make_authenticated_request(endpoint, data):
    response = requests.post(
        f'https://api.stash.gg/api/v1/sdk/{endpoint}',
        json={
            'shop_handle': 'your-shop-handle',
            **data
        },
        headers={
            'X-Stash-Api-Key': os.environ['STASH_API_KEY'],
            'Content-Type': 'application/json'
        }
    )
    response.raise_for_status()
    return response.json()

Go

Go Example
package main

import (
    "bytes"
    "encoding/json"
    "net/http"
    "os"
)

func makeAuthenticatedRequest(endpoint string, data map[string]interface{}) (map[string]interface{}, error) {
    reqBody := map[string]interface{}{
        "shop_handle": "your-shop-handle",
    }
    for k, v := range data {
        reqBody[k] = v
    }

    jsonData, err := json.Marshal(reqBody)
    if err != nil {
        return nil, err
    }

    req, err := http.NewRequest("POST",
        "https://api.stash.gg/api/v1/sdk/"+endpoint,
        bytes.NewBuffer(jsonData))
    if err != nil {
        return nil, err
    }

    req.Header.Set("X-Stash-Api-Key", os.Getenv("STASH_API_KEY"))
    req.Header.Set("Content-Type", "application/json")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        return nil, err
    }
    defer resp.Body.Close()

    var result map[string]interface{}
    if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
        return nil, err
    }

    return result, nil
}

For product-specific code examples and detailed integration guides, see the product-specific authentication pages.

How is this guide?

API Keys Overview

Learn what API keys are, what they're used for, and how to create them in Stash Studio. Understand the basics of API key authentication for Stash services.

Security and Management

Learn security best practices for API keys, how to manage them, handle errors, and troubleshoot common issues.

On this page

Authentication HeaderCode ExamplescURLNode.jsPythonGoRelated Documentation