Authentication

Authenticate direct-client API requests with a Sillage workspace API key.

The API uses direct-client public API keys generated in Sillage workspace settings. These keys authorize access to the workspace linked to the key.

Include the API key in the Authorization header:

Authorization: Bearer <YOUR_API_KEY>

Example request

curl -X POST "https://api.getsillage.com/api/v2/contents/query" \
  -H "Authorization: Bearer $SILLAGE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"page_size": 5}'
const response = await fetch('https://api.getsillage.com/api/v2/contents/query', {
  method: 'POST',
  headers: {
    Authorization: `Bearer ${process.env.SILLAGE_API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ page_size: 5 }),
})

const result = await response.json()
import { request } from 'node:https'

const req = request(
  new URL('https://api.getsillage.com/api/v2/contents/query'),
  {
    method: 'POST',
    headers: {
      Authorization: `Bearer ${process.env.SILLAGE_API_KEY}`,
      'Content-Type': 'application/json',
    },
  },
  (res) => {
    let body = ''
    res.on('data', (chunk) => {
      body += chunk
    })
    res.on('end', () => {
      console.log(JSON.parse(body))
    })
  },
)

req.end(JSON.stringify({ page_size: 5 }))
import os
import requests

response = requests.post(
    "https://api.getsillage.com/api/v2/contents/query",
    headers={"Authorization": f"Bearer {os.environ['SILLAGE_API_KEY']}"},
    json={"page_size": 5},
    timeout=30,
)
response.raise_for_status()
result = response.json()

Status codes

StatusMeaning
200The request succeeded.
400The request parameters are invalid.
401The API key is missing, invalid, or revoked.
402Insufficient credits to complete the request.
403The key does not have access to the requested workspace resource.
404The requested resource does not exist or is not visible to the key.
409Conflict with current state of the resource.
422Unprocessable entity. The request body is structurally valid but semantically invalid.
429Too many requests. The Retry-After header indicates when to retry.
500An unexpected server error occurred.

Error model

v2 endpoints (/api/v2/...) return errors as RFC 9457 problem documents. The response Content-Type is application/problem+json.

Each problem document contains six fields. The type URI is a stable slug registered at https://docs.getsillage.com/errors/<slug>. When no specific type applies, type is about:blank. The errors extension field is present only on validation errors (400, 422) and maps each invalid field to a list of messages.

{
  "type": "https://docs.getsillage.com/errors/invalid-query",
  "title": "Invalid query parameters",
  "status": 400,
  "detail": "page_size must be a positive integer",
  "instance": "/api/v2/contents",
  "errors": { "page_size": ["must be a positive integer"] }
}

The v1 endpoints (/v1/workspace/signals, /v1/workspace/leads) keep the legacy { "error": { status, name, message } } envelope. All v2 endpoints use the problem+json shape above.

Common response headers

Every response includes:

HeaderDescription
X-Request-IdRequest UUID for debugging and support.
X-Response-TimeServer response time.

Rate-limited responses (429) include:

HeaderDescription
X-RateLimit-LimitMaximum number of requests allowed in the time window.
X-RateLimit-RemainingRemaining requests in the current window.

When you receive a 429, read X-RateLimit-Remaining and back off before retrying.

Security

Treat API keys like passwords

Store them server-side, avoid exposing them in browsers, and rotate keys when a user leaves your organization or a key may have been copied.

On this page