API

Authentication

Every request to the Coorda API is authenticated with an API key sent in the X-API-Key header.

Keys are shown once
The full API key is only displayed at creation time. Store it in a secrets manager or environment variable — if you lose it, create a new one.

Key format

Coorda API keys start with ck_live_ followed by 64 hex characters (72 characters total).

ck_live_a1b2c3d4e5f6...abcdef

Including the header

Send the key in the X-API-Key header on every request:

curl https://coorda-app.vercel.app/api/context/search?entityId=customer_123 \
  -H "X-API-Key: ck_live_your_key_here"

Rate limits

Each organization is rate limited to 60 requests per minute. Exceeding the limit returns 429 Too Many Requests with a Retry-After header.

Error responses

  • 401Missing or invalid API key
  • 403Key revoked or org disabled
  • 429Rate limit exceeded — wait and retry
Rotating keys
Create new keys at any time via POST /api/auth/keys. Old keys stay valid until you revoke them — rotate gradually to avoid downtime.