Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.spacemedia.uk/llms.txt

Use this file to discover all available pages before exploring further.

Authentication

Organization admins generate an API key and secret in the dashboard. API clients exchange those credentials for a bearer token and then send the token on protected API requests.

Token exchange

curl --request POST 'https://enterprise.spacemedia.uk/api/v1/token' \
  --header 'X-Api-Key: <YOUR_API_KEY>' \
  --header 'X-Api-Secret: <YOUR_API_SECRET>'
Successful response: 
{
  "token": "1|demo_sanctum_token_value",
  "expires_at": "2026-05-18T10:30:00+00:00"
}
If the organization token TTL is disabled, expires_at is null.

Authenticated requests

curl 'https://enterprise.spacemedia.uk/api/v1/countries' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer <YOUR_ACCESS_TOKEN>'

Acting for an organization user

Some content endpoints support X-User-Id to act for a user in the same organization. This does not bypass policies. The user must belong to the same organization and the action must still be allowed by dashboard permissions. 
curl 'https://enterprise.spacemedia.uk/api/v1/releases' \
  --header 'Authorization: Bearer <YOUR_ACCESS_TOKEN>' \
  --header 'X-User-Id: 9d7046b2-3ab1-4c9d-9bd8-90bbd22b7df2'

Security rules

  • Never send API key or secret after the token exchange request.
  • Never place bearer tokens in query strings.
  • Rotate credentials if a secret is exposed.
  • Do not use cross-organization selectors in public integrations.