Orchpad_
Menu
DocsAPI ReferenceAuthentication

API keys

All API requests require an API key passed as a Bearer token in the Authorization header.

Authorization: Bearer op_live_xxxxxxxxxxxxxxxxxxxx

Generating an API key

  1. Sign in to your Orchpad account
  2. Go to Settings → API Keys
  3. Click Generate new key
  4. Copy the key immediately — it won't be shown again

Key prefixes

PrefixEnvironment
op_live_Production
op_test_Test / sandbox

Use test keys during development. Test keys create projects and trigger builds but nothing is deployed to a live URL.

Passing the key

Include the key in the Authorization header on every request:

curl https://api.orchpad.com/v1/projects \
  -H "Authorization: Bearer op_live_xxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json"

Key rotation

To rotate a key: generate a new one in Settings, update your integration, then delete the old key. There is no automatic rotation — you manage the lifecycle.

Security

  • Never expose API keys in client-side code or public repositories
  • Use environment variables to store keys in your applications
  • Restrict key permissions to only what your integration needs