# API

Spindl's Server-to-Server API provides access to campaign and attribution management, and allows easy exporting of data and reports.

## API Key

If you don't already have an API key, you can generate one on the [Settings](https://app.spindl.xyz/settings) page in the Spindl app.

{% hint style="warning" %}
API keys are different from your SDK keys. Please be sure to keep your API access tokens secure and private! Do not share them in emails, client-side code or publicly accessible sites.

If you have accidentally shared an API access token publicly, you can revoke it in your [Settings](https://app.spindl.xyz/settings) by clicking the X button beside the token.
{% endhint %}

## Authentication

API requests are authenticated using the `X-API-Key` header. With the API token from the previous step, calling the Spindl API is as simple as:

```bash
curl -H "X-API-Key: <your_api_key>" https://api.spindl.xyz/v1/links
```

## Errors

Spindl uses HTTP response codes to indicate the success or failure of an API request.

* Codes in the `2xx` range indicate success
* Codes in the `4xx` range indicate incorrect or incomplete requests (e.g. a required parameter was omitted)
* Codes in the `5xx` range indicate an error on Spindl's servers.

On error responses, Spindl also provides error messages and code in the response body:

```json
{
    "statusCode": 404,
    "message": "link not found"
}
```