Authentication
All external API calls require this header:
Authorization: X-API-Key YOUR_API_KEY
Validation Flow​
For each request, Minotaur checks:
- The key exists and belongs to your account.
- The key is not revoked.
- The key is not expired.
- The key has the endpoint permission required.
If all checks pass, the request is processed.
Common Failures​
401: Missing header or wrong auth scheme.403: Key revoked, expired, not found, or missing permission.