Skip to main content
Documentation

Authentication

The Pro Clubs Studio API uses API keys to authenticate requests. Every request must include a valid key in the X-API-Key header.

API key types

Each partner account has access to two key types, identifiable by their prefix:

Key typePrefixPurpose
Live
sk_live_*
Production use. Deducts real credits and produces production-quality images.
Test
sk_test_*
Development and testing. No credit deduction, watermarked output images.

Including your key in requests

Pass your API key in the X-API-Key HTTP header on every request:

curl "https://api.proclubsstudio.com/v1/images" \
  -H "X-API-Key: sk_live_your_key_here" \
  -H "Content-Type: application/json"

Live vs Test environment

The key prefix determines the environment. Both environments use the same base URL and endpoints — the behaviour changes automatically.

BehaviourLiveTest
Credit deductionReal credits deductedNo credits deducted
Image outputProduction-quality, CDN-hosted URLsWatermarked or mocked images
Usage metricsTracked in live metricsSegregated from live; separate counters
WebhooksDelivered with "environment": "live"Delivered with "environment": "test"

Security best practices

Store keys securely

Your API key is shown only once when created. Store it in a secrets manager or environment variable — never hard-code it in source files. Pro Clubs Studio stores only the SHA-256 hash of your key along with the prefix and last 4 characters for display.

Server-side only

Never include your API key in client-side code, mobile apps, or browser requests. All API calls must originate from your backend servers.

Rotate regularly

If you suspect a key has been compromised, revoke it immediately from the Partner Console and generate a new one. Revoked keys return 401 on all subsequent requests.

Use test keys for development

Use sk_test_ keys during development and CI/CD. This prevents accidental credit consumption and keeps your live metrics clean.

Authentication errors

When authentication fails, the API returns one of the following error responses:

401

INVALID_API_KEY

Returned when the API key is missing, malformed, or has been revoked. Check that the X-API-Key header is present and the key is valid.

{
  "success": false,
  "data": null,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid or has been revoked.",
    "request_id": "req_abc123",
    "docs_url": "https://platform.proclubsstudio.com/docs/errors/INVALID_API_KEY"
  }
}
403

PARTNER_SUSPENDED

Returned when the partner account associated with the key has been suspended. Contact support@proclubsstudio.com to resolve.

{
  "success": false,
  "data": null,
  "error": {
    "code": "PARTNER_SUSPENDED",
    "message": "Your partner account has been suspended. Contact support.",
    "request_id": "req_def456",
    "docs_url": "https://platform.proclubsstudio.com/docs/errors/PARTNER_SUSPENDED"
  }
}

For the full list of errors, see the Error Reference.