x-api-key header. There are two separate API surfaces, each with its own key
type. Keys are never interchangeable across surfaces.
| Surface | Base path | Key type | Key prefix |
|---|---|---|---|
| Chataigne API (public) | /v1 | Location / organization key | ch_org_ |
| Admin API | /admin/v1 | Admin key | ch_admin_ |
Authenticating a request
Send your key in thex-api-key header on every request. There is no
Authorization: Bearer scheme — only x-api-key is accepted.
Dashboard sessions are not API credentials. A logged-in dashboard session
cannot be used to call
/v1 or /admin/v1 — these surfaces only accept
x-api-key.The two surfaces
Chataigne exposes two independent API surfaces. Each is versioned by path (/v1, /admin/v1) and accepts exactly one key type.
Chataigne API
Path
/v1. Read and manage a single organization and its locations,
settings, and special closings. Authenticated with location /
organization keys (ch_org_).Admin API
Path
/admin/v1. Provision and manage organizations and locations across
accounts. Authenticated with admin keys (ch_admin_).Public API — /v1
The public Chataigne API is scoped to the organization (and its locations)
that the key belongs to. Use a ch_org_ key.
Admin API — /admin/v1
The Admin API performs account-level operations such as creating organizations
and locations. Use a ch_admin_ key.
Strict surface separation
Keys are bound to their surface. Sending a key to the wrong surface is rejected — it is never silently downgraded or upgraded. This containment is enforced on every request.| Scenario | HTTP status | Error type |
|---|---|---|
| Valid key, correct surface | 200 | — |
| Missing or malformed key | 401 | authentication_error |
| Wrong key type for the surface | 403 | authorization_error |
Missing key → 401
Wrong key type → 403
Sending an admin key to the public surface:/admin/v1 — fails the same way:
Every error response carries an
X-Request-Id header, mirrored in the body as
error.request_id. Include it when contacting support. See
Request IDs and Errors.Key prefixes
Every key carries a prefix that identifies its surface at a glance. The prefix is the only part of a key you should ever expose (for example, in logs or UI): the secret portion that follows must stay confidential.Location / organization key. Authenticates the public Chataigne API
(
/v1). Scoped to a single organization and its locations.Admin key. Authenticates the Admin API (
/admin/v1). Performs account-level
provisioning across organizations and locations.Keeping keys safe
API keys grant full programmatic access to your data. A leakedch_admin_ key
in particular can manage organizations and locations across your account.
Recommended practices:
Store in environment variables
Load keys from environment variables or a secrets manager. Never hard-code
them or commit them to version control.
Call from your backend
Proxy all Chataigne API calls through your own server. The key never reaches
the client.
Use least privilege
Reach for an
ch_org_ key whenever account-level access is not required.
Reserve ch_admin_ keys for provisioning workflows.Rotate on exposure
If a key is ever exposed — in a log, a screenshot, or a repo — rotate it
immediately and audit recent activity.
Node.js (server-side)
Quick reference
Your API key. Use a
ch_org_ key for /v1 and a ch_admin_ key for
/admin/v1. Required on every request.Next steps
Errors
Error types, status codes, and response shape.
Request IDs
Trace any request with
X-Request-Id.Rate limits
Per-key, per-surface limits and headers.
Versioning
Path-based major versions and breaking-change policy.