API Authentication
All API requests require authentication using an API key.
Getting an API Key
Sign in
Sign in to your OpenSync dashboard
Open Settings
Click your profile icon and select Settings
Generate Key
Click Generate API Key
Copy the key
Copy and securely store your API key. It won’t be shown again.
Using Your API Key
Include your API key in the Authorization header:
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://your-deployment.convex.site/api/sessions
osk_7a8b9c0d1e2f3g4h5i6j7k8l9m0n
Security Best Practices
- Never commit API keys to version control - Use environment variables to
store keys - Rotate keys if they may be compromised - Use separate keys for
different environments
Environment Variables
# .env file
OPENSYNC_API_KEY=osk_your_api_key_here
// In your code
const apiKey = process.env.OPENSYNC_API_KEY;
Rate Limits
| Plan | Requests/minute | Requests/day |
|---|
| Free | 60 | 1,000 |
| Pro | 300 | 10,000 |
Contact us if you need higher limits for your use case.
Revoking Keys
To revoke an API key:
- Go to Settings in the dashboard
- Find the key you want to revoke
- Click Revoke
Revoked keys immediately stop working.
