Authentication
API keys, project headers, and common auth failure modes for the Frametail HTTP API.
Programmatic access uses organization-level API keys together with a project key (slug) so every request is scoped to one workspace project.
Required headers
| Header | Description |
|---|---|
Authorization | Bearer token using your Frametail API key: Authorization: Bearer ft_.... Sending the raw key without the Bearer prefix is also accepted. |
X-Project-Key | The project key (slug) for the project you are acting on. This must match a project that belongs to the same organization as the API key. |
If either value is missing or invalid, the API returns 401 or 400 with a JSON error message.
API key format
Keys created in the dashboard are prefixed with ft_. Treat them like passwords: store them in a secret manager, rotate them on a schedule, and never embed them in client-side web bundles.
Project resolution
The project key in X-Project-Key is resolved to your project within the organization tied to the API key. If the slug does not exist for that organization, the API responds with 404 and a clear error string.
Errors you will see
| HTTP status | Typical cause |
|---|---|
| 400 | Missing X-Project-Key, malformed JSON body, or invalid args query encoding on GET requests. |
| 401 | Missing Authorization, wrong key format, or key failed validation. |
| 404 | Unknown project key for the organization, or unknown resource id in the path. |
| 500 | Unexpected failure while processing the request; retry with backoff. |
See Errors for the response shape and integration tips.
Dashboard sign-in vs API keys
Signing in to the product UI (for example with your identity provider) is separate from API keys. API keys are for servers, CI, and trusted backends only.