API keys
All API requests require an API key passed as a Bearer token in the Authorization header.
Authorization: Bearer op_live_xxxxxxxxxxxxxxxxxxxx
Generating an API key
- Sign in to your Orchpad account
- Go to Settings → API Keys
- Click Generate new key
- Copy the key immediately — it won't be shown again
Key prefixes
| Prefix | Environment |
|---|---|
op_live_ | Production |
op_test_ | Test / sandbox |
Use test keys during development. Test keys create projects and trigger builds but nothing is deployed to a live URL.
Passing the key
Include the key in the Authorization header on every request:
curl https://api.orchpad.com/v1/projects \
-H "Authorization: Bearer op_live_xxxxxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json"
Key rotation
To rotate a key: generate a new one in Settings, update your integration, then delete the old key. There is no automatic rotation — you manage the lifecycle.
Security
- Never expose API keys in client-side code or public repositories
- Use environment variables to store keys in your applications
- Restrict key permissions to only what your integration needs