Authentication
How to authenticate with the ArtistGuard API using session cookies or API keys.
Two ways to authenticate. Which one you use depends on what you're building.
Session cookie
When you log in through the web app, the server sets an HttpOnly cookie called ag_token. The browser sends it automatically. Nothing to manage yourself.
This is what the dashboard uses. Not suitable for scripts or automation.
API keys
Generate one at Dashboard > API Keys, then include it in every request:
Authorization: Bearer ag_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Keys are organization-scoped. They have full access to everything your org can do. Treat them like passwords.
The full key is shown exactly once right after creation. After that, only the prefix is visible. Lost it? Revoke it and create a new one.
Which to use
| Situation | Use |
|---|---|
| Browser dashboard | Session cookie (automatic) |
| Server-side scripts | API key |
| CI/CD pipelines | API key |
| External integrations | API key |
Example request
curl https://v2-prod-api.artistguard.app/api/v1/artists \
-H "Authorization: Bearer ag_live_your_key_here"
Every endpoint except public auth routes requires authentication. No auth returns 401 Unauthorized.
Common errors
| Status | Meaning |
|---|---|
401 |
Missing or invalid credentials |
403 |
Authenticated but action is creator-only |
429 |
Rate limit hit, back off and retry |