Docs /API Authentication Dashboard →

API Authentication

Authenticate to the Continuata API with a bearer token from your dashboard.

Base URL

All API requests should be made to:

https://continuata.io/api

Getting Your API Key

Each user in your organisation has a single personal API key. You can view and refresh it from the dashboard.

Using the Key

Include your API key in the Authorization header:

Authorization: Bearer ct_your_api_key_here

Example Request

curl -X GET "https://continuata.io/api/products" \
  -H "Authorization: Bearer ct_your_api_key_here" \
  -H "Content-Type: application/json"

Permissions

An API key inherits the role of the user it belongs to. There are no separate scopes — if your dashboard role lets you do something, the API will too.

• Owner / Admin — full read and write across all org resources, including settings and integrations
• Member — read and write product and download data; no settings access

For server-to-server integrations (Stripe, FastSpring, custom storefronts), generate the key under an admin or owner account so it can both read products and create download tokens.

Response Format

All API endpoints return JSON. Successful responses return the resource (or an array of resources) directly:

Success Response

[
  {
    "product": { "id": "epic-drums-v1", "name": "Epic Drum Kit Vol. 1", "status": "published" },
    "activeVersion": { "id": "version_abc", "version": "1.0.0", "status": "ready" }
  }
]

Error Response

Errors return a JSON object with an error field and the appropriate HTTP status code:

{
  "error": "Not authorized"
}

Common Status Codes

Testing Your Key

A quick way to confirm your key is working is to list products:

curl -X GET "https://continuata.io/api/products" \
  -H "Authorization: Bearer ct_your_api_key_here"

If you see a JSON array (even empty) you're authenticated. A 401 means the key wasn't accepted.