Skip to main content

Authentication

The North API uses API keys for authentication. Each key is scoped to your team and can have specific permissions.

Getting your API key

  1. Log into your North Dashboard
  2. Navigate to Settings > Integrations
  3. Click Create API Key
  4. Give it a descriptive name (e.g., “Zapier Integration”)
  5. Optionally add a description and expiration date
  6. Copy your key immediately - you won’t see it again!
API keys have full access to your team’s data, making it simple to integrate with any service.
Keep your API key secure! Treat it like a password. Never commit it to version control or share it publicly.

Using your API key

Include your API key in the Authorization header of every request: 
Authorization: Bearer north_sk_live_xxxxxxxxxxxx

Example request

curl -X GET \
  "https://api.northreports.com/v1/users/me" \
  -H "Authorization: Bearer north_sk_live_YOUR_KEY_HERE"

API Key format

North API keys follow this format: 
north_sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • north_sk_ - Identifies it as a North secret key
  • live_ - Indicates production environment
  • xxx... - 32 character random string

Permissions

API keys have full access to all your team’s resources:
ResourceCapabilities
ReportsCreate, read, update, delete, and publish reports
CompsManage comparable properties
ShowingsTrack showings and open houses
Social MediaImport engagement data
AI InsightsGenerate summaries and insights
Team InfoView team details
Each API key is scoped to your team only. You cannot access data from other teams.

Common authentication errors

401 Unauthorized

{
  "error": {
    "message": "Invalid API key",
    "status": 401
  }
}
Causes:
  • Missing Authorization header
  • Incorrect key format
  • Key doesn’t exist or was revoked

403 Forbidden

{
  "error": {
    "message": "Permission denied: reports:create",
    "status": 403
  }
}
Cause: Your API key doesn’t have the required permission for this operation.

Key management best practices

Create new keys periodically and revoke old ones. This limits exposure if a key is compromised.
Name keys based on their purpose: “Zapier Automation”, “CRM Sync”, “Marketing Dashboard”
For temporary integrations, set an expiration date on the key.
Check the “Last Used” timestamp in your dashboard to identify unused keys.
Create separate keys for each integration. This makes it easy to revoke access without affecting other systems.

Revoking a key

If you suspect a key has been compromised:
  1. Go to Settings > Integrations
  2. Find the compromised key
  3. Click Revoke
  4. The key is immediately invalidated
Any requests using that key will receive a 401 error.

Testing your key

Use the “Get Current User” endpoint to verify your key is working: 
curl -X GET \
  "https://api.northreports.com/v1/users/me" \
  -H "Authorization: Bearer north_sk_live_YOUR_KEY"
A successful response means your key is valid and you’re ready to start building!