API Authentication
Using API Keys
Public Endpoints
Security Best Practices

API Authentication

All authenticated API requests require an API key passed in the request headers.

Using API Keys

Include your API key in the X-Api-Key header:

curl "https://api.cubestack.app/api/v1/{project}/{cube}" \
  -H "X-Api-Key: your-api-key"

Public Endpoints

Cubes with public access enabled can be accessed without authentication:

curl "https://api.cubestack.app/api/v1/{project}/{cube}"

Public endpoints only return columns marked as public in the cube settings.

Security Best Practices

Store API keys in environment variables, not in source code
Use public access for client-side applications
Use API keys only in server-side code
Rotate keys if you suspect they’ve been compromised

API Overview Errors