Reference

Authentication

Two paths: machines call the API with a key, and people sign in to the dashboard by magic link. The key authorizes API calls; the session authorizes the dashboard.

Machines: X-API-Key

Send X-API-Key: sk_live_... on every request to /economics, /estimate, and /geocode. The widget embed carries the key in its URL. Free keys have a daily call limit; Pro lifts it. See the REST API for request shapes.

People: magic link

To reach the dashboard, request a link, click it in your inbox, and the verify step returns a session.

1. Request a link

POST /auth/request

curl -X POST https://solarapi-api.157.90.161.30.sslip.io/auth/request \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com"}'

2. Verify the token

The email links to /auth/verify with a one-time token. Verifying it returns your session, which the dashboard stores in the browser.

POST /auth/verify

curl -X POST https://solarapi-api.157.90.161.30.sslip.io/auth/verify \
  -H "Content-Type: application/json" \
  -d '{"token": "<token-from-email-link>"}'

In the browser you do not run these by hand. Use the log-in page and the link drops you back into a signed-in session.

Create and rotate keys

Open the dashboard, click New key, and copy the secret. It shows once, so store it somewhere safe. To rotate, create a fresh key, point your embeds and calls at it, then delete the old one. Deleting a key takes effect at once, so swap first.