Authentication

The Drylab API uses API keys to authenticate requests, which are sent with the Authorization header as OAuth2 bearer tokens. You can create new API keys, as well as view and manage your existing ones in your Drylab Dashboard. All drylab keys begin with dry_.

Your API keys are the main method of access to the Drylab services, both free and paid, so make sure to keep them secure! Double check to ensure that the API keys are not pushed into repositories like GitHub or GitLab, or anywhere where they might be accessed by other.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Here are the different ways you can pass your API key to an https request to the Drylab API using curl:

Authenticated Request

curl -X GET 'http://127.0.0.1:10000/v1/works' \
     -i -H "Authorization: Bearer dry_74H8s5jv4XaGBYvEzsjg3LK9jsRYjO3"

curl -i 'http://127.0.0.1:10000/v1/works' \
     --oauth2-bearer dry_74H8s5jv4XaGBYvEzsjg3LK9jsRYjO3

An invalid API key will return a 401 error:

Error

HTTP/1.1 401 Unauthorized
Vary: Origin
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Date: Thu, 09 Oct 2025 21:11:29 GMT
Content-Length: 41
x-correlation-id: 2ab5029d-389d-4262-8a26-6501341d594b
www-authenticate: Bearer error="invalid_token"

Response

{"error":"Unauthorized: Invalid API key"}

PreviousQuickstart NextCorrelation IDs

Last updated 10 days ago