Authenticating with the Velveteen API
Updated June 13, 2026
Authenticate by sending your API key as a Bearer token in the Authorization header of each request, over HTTPS, to the Velveteen API base URL. The Developer area's Documentation tab lists the exact base URL with cURL and Node examples.
Every API request needs a valid key in the Authorization header. Here is the shape of an authenticated request.
The request
Base URL
The versioned Velveteen API base URL, listed in the Documentation tab.
Authorization header
Send your key as a Bearer token in the Authorization header.
HTTPS
Requests must use HTTPS.
Where to copy exact values
The Developer area includes a Documentation tab with the exact base URL, the authentication header, the scope list, and ready-to-copy cURL and Node examples.
Use that reference as the source of truth, since it always matches the current API.
Tip
Frequently asked questions
How do I pass my key?+
As a Bearer token in the Authorization header of each request.
What is the base URL?+
The versioned Velveteen API base URL shown in the Developer Documentation tab. Use that as the source of truth.
Are there code examples?+
Yes. The Documentation tab has cURL and Node examples, including pagination.
Why am I getting an unauthorized error?+
The key is missing, mistyped, or revoked. Verify the key and the Authorization header.
Related articles
API keys
Create a key with a name and scopes, copy it once at creation, revoke it anytime, and the limit of ten active keys per account.
Overview
Build on Velveteen: API keys, Bearer authentication, scopes, and the catalog, pitching, and royalty endpoints. Available on the Pro and Label plans.
Endpoints
The resource groups the API covers, how pagination works, and the standard error codes the API returns.