Authentication - Selcor API

All /v1 endpoints require a Bearer token in the Authorization header.

curl https://api.selcor.ai/v1/workspaces \
  -H "Authorization: Bearer sk_live_..."

API Keys

API keys are scoped to a tenant and can be further restricted:

Scope	Description
`TENANT`	Full access to all workspaces under the tenant
`WORKSPACE`	Limited to specific workspaces

Each key has a set of permissions (e.g., workspaces:read, calls:read, relay:execute) that control which endpoints it can access.

Requests without a valid token return 401 Unauthorized:

{
  "error": {
    "code": "unauthorized",
    "message": "Missing or invalid Authorization header"
  },
  "request_id": "req_abc123"
}

Requests with insufficient permissions return 403 Forbidden:

{
  "error": {
    "code": "forbidden",
    "message": "Missing required permission: relay:execute"
  },
  "request_id": "req_abc123"
}