Authentication
Capacitor uses API keys for programmatic access. Include your key in the X-API-Key header with every request.
Authentication methods
API Keys
For programmatic access to charger, transaction, and webhook endpoints. Prefixed with cap_live_ or cap_test_.
Firebase Auth
For portal user sessions only. The dashboard handles login and signup via Firebase Auth SDK and includes the ID token automatically.
Using your API key
Example request
bash
curl https://capacitor.live/api/v1/chargers \-H "X-API-Key: cap_live_sk_abc123def456..."
API keys are shown only once when created. Store them securely and never expose them in client-side code.
Create API key
POST
/api/v1/auth/api-keysGenerate a new API key. Requires Firebase Auth token (portal only).
Request body
json
{"name": "Production API Key"}
Response — 201 Created
json
{"id": "key_123","name": "Production API Key","key": "cap_live_abc123def456...","createdAt": "2026-02-06T12:00:00.000Z"}
List API keys
GET
/api/v1/auth/api-keysGet all API keys for your organisation.
Response — 200 OK
json
{"apiKeys": [{"id": "key_123","name": "Production API Key","prefix": "cap_live_abc1****","lastUsed": "2026-02-06T11:30:00.000Z","createdAt": "2026-02-01T10:00:00.000Z"}]}
Revoke API key
DELETE
/api/v1/auth/api-keys/:keyIdPermanently revoke an API key.
Response — 200 OK
json
{"message": "API key revoked successfully"}
Rate limits
API calls are rate-limited per organisation based on your tier. Limits reset daily at midnight UTC.
| Tier | API calls / day | Max chargers |
|---|---|---|
| Free | 50 | 1 |
| Starter | 1,000 | 5 |
| Growth | 10,000 | 100 |
| Scale | Unlimited | Unlimited |
Rate limit headers are included in every response: RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset.