Skip to main content
The Wave API authenticates with API keys sent as a Bearer token: 
Authorization: Bearer sk_sandbox_xxxxxxxxxxxx

Key types

PrefixEnvironmentStatus
sk_sandbox_Sandbox — real calls under the sandbox constraints (trial window + destination lock)Available now
sk_live_Production — unconstrainedComing with the production upgrade flow
Today every account is sandbox tier. Production keys arrive with the production-upgrade flow (not yet released).

Getting a key

API keys are created and managed in the Wave dashboard (not via the API):
  1. Log in at wave.sa.
  2. Open API Keys.
  3. Copy the key on creation — it is shown once.
To rotate, use Revoke & Regenerate in the dashboard. The old key stops working immediately and a new one is issued atomically.

Sending the key

Every request must include the Authorization header. Requests without a valid key return 401 with the standard error envelope.
Never expose a key in client-side code or commit it to source control. Keys belong on your server.