
Authentication

Solenoid Meter uses API key authentication with Bearer tokens.

API Keys

API keys are prefixed with sm_ (Solenoid Meter) to make them easily identifiable:

sm_1a2b3c4d5e6f7g8h9i0j

Keep your API key secure and never commit it to version control.

Using Your API Key

Include your API key in the Authorization header using the Bearer token format:

Authorization: Bearer sm_your_api_key_here

All endpoints under /v1/* require authentication.

Getting an API Key

API keys are issued when you sign up for Solenoid Meter at solenoid.systems/meter.

Free tier:

  • Key is displayed immediately after signup
  • Also emailed to you for safekeeping

Pro tier:

  • Key is emailed after payment confirmation
  • May take up to 60 seconds to propagate globally

Key Management

Storage

Store your API key securely:

  • Use environment variables (never hardcode)
  • Use secret management services in production
  • Never commit to version control

bash
# .env
SOLENOID_METER_API_KEY=sm_your_api_key_here
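
To enforce the "never commit" rule, the sm_ prefix can be used to catch keys before they reach version control. The scanner below is an added example, not Solenoid Meter's own code; the key pattern (sm_ followed by 16 or more letters or digits) is an assumption modelled on the sample key shown on this page, and the function names are illustrative.

```python
import re
import sys

# Assumption: a key is "sm_" plus 16+ letters/digits, modelled on the sample
# key on this page. Adjust the pattern to the real key format.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_])sm_[A-Za-z0-9]{16,}(?![A-Za-z0-9])")


def redact(key):
    """Keep the prefix and last 4 characters so a finding can be matched
    to a key without writing the whole secret to logs."""
    return key[:3] + "*" * (len(key) - 7) + key[-4:]


def scan_text(text, path="<input>"):
    """Return (path, line_number, redacted_key) for each key-shaped token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((path, lineno, redact(match.group())))
    return findings


def scan_files(paths):
    """Scan each file; unreadable paths are reported and skipped."""
    findings = []
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="replace") as handle:
                findings.extend(scan_text(handle.read(), path))
        except OSError as exc:
            print(f"skipped {path}: {exc}", file=sys.stderr)
    return findings


# Constructed sample input; the key is the sample value from this page.
SAMPLE = """\
SOLENOID_METER_API_KEY=sm_your_api_key_here
headers = {"Authorization": "Bearer sm_1a2b3c4d5e6f7g8h9i0j"}
prism_1a2b3c4d5e6f7g8h9i0j
"""

if __name__ == "__main__":
    # As a pre-commit check: pass the staged file paths as arguments.
    results = scan_files(sys.argv[1:]) if len(sys.argv) > 1 else scan_text(SAMPLE)
    for path, lineno, key in results:
        print(f"{path}:{lineno}: possible Solenoid Meter API key {key}")
    sys.exit(1 if results else 0)
```

The script exits non-zero when it finds a key-shaped token, so a pre-commit hook or CI step can block the commit. The placeholder sm_your_api_key_here does not match, so documentation and .env templates pass.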

Rotation

Rotate your API key periodically for security:

bash
curl -X POST https://api.solenoid.systems/v1/keys/rotate \
  -H "Authorization: Bearer sm_old_key_here"

Response:

json
{
  "key": "sm_new_key_here"
}

The old key is immediately invalidated when rotation completes.

Error Responses

401 Unauthorized

Missing or invalid API key:

json
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key"
  }
}

Common causes:

  • Missing Authorization header
  • Invalid key format
  • Key has been rotated or deleted
  • Typo in the key

429 Too Many Requests

Rate limit exceeded (free tier: 10 requests/second):

json
{
  "error": {
    "code": "rate_limit_exceeded",
    "message": "Rate limit exceeded"
  }
}

Pro tier has higher limits and no rate limiting on production workloads.

Best Practices

  1. Use environment variables - Never hardcode API keys
  2. Rotate regularly - Rotate keys at least quarterly
  3. One key per environment - Use separate keys for dev, staging, production
  4. Monitor usage - Watch for unusual patterns that might indicate a leak
  5. Invalidate immediately - Rotate keys immediately if compromised