Authentication

The Competiflow API uses API keys sent as Bearer tokens. There is no OAuth flow for the public v1 API.

API keys

Create keys in the dashboard: Settings → API keys → Create key.

Each key is shown once at creation:

sk_live_a1b2c3d4e5f6...

Keys are stored as SHA256 digests. If you lose a key, revoke it and create a new one.

Authorization header

Include the key on every request:

Authorization: Bearer sk_live_your_key_here

Example:

curl https://api.competiflow.com/v1/workspaces \
  -H "Authorization: Bearer sk_live_your_key_here"

Scoping

API keys belong to your user account. All list/show/create operations are scoped to resources you own. You cannot access another user's workspace, competitor, monitor, or change by ID.

Rate limits

Each key inherits your plan's per-minute rate limit. See Rate limits.

Errors

Status Code Meaning
401 unauthorized Missing, malformed, or revoked key
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  }
}

Security tips

  • Do not commit keys to git or expose them in client-side code.
  • Use environment variables (COMPETIFLOW_API_KEY) in scripts and CI.
  • Revoke unused keys promptly.

Find out before your customers do

Point Competiflow at your competitors and get the moves that matter, with the before and after attached. Skip the dashboard nobody opens and the alert flood nobody reads.

It diffs real fields, not pixels
Every change shows its receipts
One quiet digest, your cadence
No credit card required. 100 free checks included.