Authentication
How to authenticate requests to the Slatis API using secret and public API keys.
API Keys
You can create API keys from your organization's Settings → API Keys page.
Secret keys (sk_live_*)
Use secret keys for server-to-server integrations. They have access to all scopes your organization has granted:
Never expose a secret key in client-side code.
Public keys (pk_live_*)
Use public keys in browser or mobile apps. They are limited to booking creation and availability:
Scopes
Scopes control what an API key can access. When creating a key you can restrict it to specific scopes:
| Scope | Description |
|---|---|
bookings:create | Create new bookings |
bookings:read-own | Read bookings created via this key |
bookings:read | Read all bookings in the organization |
bookings:update | Update booking attendee details |
bookings:cancel | Cancel bookings |
bookings:manage | All booking operations |
availability:read | Read availability slots |
event-types:read | Read event types and their fields |
webhooks:manage | Create, update, and delete webhooks |
Errors
| Status | Code | Meaning |
|---|---|---|
| 401 | unauthorized | Missing or invalid API key |
| 403 | forbidden | Key does not have the required scope |
| 429 | rate_limited | Request rate exceeded |