Skip to main content
API keys are used to authenticate requests to the Stigg REST API. Include your key in the X-API-KEY header with every request: 
curl -X GET "https://api.stigg.io/api/v1/customers" \
  -H "X-API-KEY: your-server-api-key" \
  -H "Content-Type: application/json"
The REST API accepts any server key — either the default full access key or a user-created scoped key (Scale plan).

REST SDK

import Stigg from '@stigg/rest-client';

const stigg = new Stigg({
  apiKey: process.env.STIGG_SERVER_API_KEY,
});

Authentication errors

If the key is missing, invalid, or expired, the API returns 401 Unauthorized: 
{
  "error": {
    "code": "UNAUTHENTICATED",
    "message": "Invalid or missing API key"
  }
}
If you use a scoped key that lacks permission for the requested resource, the API returns 403 Forbidden.

Key management

For key types, creating scoped keys, rotation, revocation, and access control, see the full API key management guide:

API key management