Authentication to Aurora Solar's API is granted through API keys (bearer tokens). An Admin user for your tenant can create, retrieve, rotate, and delete the keys using the API Tokens screen in Aurora.



API key types

Aurora currently supports two types of API keys. Note that all keys will be created in the current version of the API.

Standard keys

A Standard Key grants access to all API actions for a single tenant. This type of key is intended for general usage when building your integration.

A tenant may only have one standard key.


We strongly recommend against sharing Standard Keys outside of your organization. See Restricted Keys for a more secure alternative.

Restricted keys

Restricted Keys grant access to only a specified subset of API actions for a single tenant (e.g., only List and Retrieve Projects). If you want to grant additional services (internal or third-party) access to your data, consider using restricted keys to reduce the risk of unintended data sharing. We highly recommend creating a separate restricted key for each third party. This gives you more granular control over the third party's access and allows Aurora to individually audit activity on each key.

You can further scope restricted key access to specific projects by using tags. See Project-based Tags for more information.

A tenant may have multiple restricted keys with varying levels of access.

Using bearer tokens

In order to authenticate a request using Bearer Token auth, you need to pass the bearer token associated with your key through the Authorization header and also prefix the entire key with Bearer. For example, an authenticated curl request would include the following: -H "Authorization: Bearer sk_prod_LXknKczQYkniVtMpRYs8wJgk"

Our bearer tokens have a meaningful prefix to help with key management. The prefix consists of:

  1. The type of key:
  • sk_: A "Standard Key"
  • rk_: A "Restricted Key"
  1. The environment:
  • sand_: The key grants access to the sandbox environment.
  • prod_: The key grants access to the production environment.

For example, a key that grants access to all API actions for a single tenant on production would look like sk_prod_LXknKczQYkniVtMpRYs8wJgk.

Related Tutorials: