Every request to the OnePerfectSlice API requires a Bearer token in theDocumentation Index
Fetch the complete documentation index at: https://docs.oneperfectslice.ai/llms.txt
Use this file to discover all available pages before exploring further.
Authorization header.
sk_ and are created in Org Settings. Don’t have one yet? Follow the Getting Started guide.
How authentication works
Each API key is scoped to a single team. When you make a request, OnePerfectSlice verifies the key and returns only data visible to that team.- One key, one team — a key created for Team A cannot read Team B’s data
- Org-level isolation — requests for resources in a different organization return
404(not403) to prevent leaking whether a resource exists
Managing your API keys
Org Admins can manage keys from Org Settings → API Keys:| Action | What it does |
|---|---|
| Create | Generate a new key for a specific team. The key is shown once — copy it immediately. |
| View | See all keys across your org, including name, team, and last-used timestamp |
| Revoke | Permanently disable a key. Takes effect immediately — any in-flight requests will fail. |
OnePerfectSlice never stores your raw key. If you lose a key, create a new one and revoke the old one.
Authentication errors
If authentication fails, the API returns a401 with an error code like MISSING_TOKEN, INVALID_TOKEN, TOKEN_REVOKED, or TOKEN_EXPIRED. See the Errors page for the full reference.
Security best practices
- Use environment variables — store keys in
.envor your secrets manager, never in source code - Create separate keys for each use case (production, staging, MCP server, Zapier)
- Rotate keys regularly — create a new key, update your integrations, then revoke the old one
- Revoke compromised keys immediately — revocation takes effect on the next request
- Never expose keys in client-side code, git repos, logs, or error messages