Detail authenticates API requests using Bearer tokens. Include your API key in the Authorization header of every request — the API does not support cookie-based auth or query-string tokens.
Authorization: Bearer dtl_live_YOUR_KEY
Example request
curl https://api.detail.dev/public/v1/user \
-H "Authorization: Bearer dtl_live_YOUR_KEY"
Obtaining an API key
- Sign in at app.detail.dev.
- Navigate to Settings → API Keys.
- Click Create key, give it a name, and copy the key value immediately — it will not be shown again.
API keys come in two types, distinguished by their prefix:
| Prefix | Use |
|---|
dtl_live_ | Production keys — authenticate against live data |
dtl_test_ | Test keys — for development and CI environments |
dtl_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
dtl_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Never embed API keys in client-side code, commit them to version control, or share them in public channels. Use environment variables or a secrets manager to inject keys at runtime.
Error responses
If authentication fails, the API returns a JSON error body alongside the HTTP error status.
| Status | Error type | Cause |
|---|
401 | DETAIL_AUTHENTICATION_ERROR | The Authorization header is missing or the token is invalid |
403 | AUTHORIZATION_ERROR | The token is valid but does not have permission to access the requested resource |
401 response looks like this:
{
"type": "DETAIL_AUTHENTICATION_ERROR",
"message": "Invalid or missing API key",
"statusCode": 401
}
If you receive a 403, check that the API key belongs to an account that has access to the organization or repository you are querying.
